| Description: | | Mingyuan Real Estate ERP is an enterprise resource planning (ERP) system designed specifically for the real estate industry, aiming to help real estate enterprises achieve comprehensive information management, improve operational efficiency and management level. When verifying client IP rights, WebService of the ERP system of Mingyuan Real Estate does not carry out strict filtering and verification on X-Forwarded-For to obtain real IP addresses, resulting in SQL injection vulnerabilities. Unauthenticated malicious attackers use the SQL injection vulnerabilities to obtain information in the database. The attacker can even write commands to the server with high permissions to further obtain server system permissions. |