| Description: | | The Tiandy Tianyu Network Security Audit System is designed for compliance logging and behavioral auditing of network traffic. Its reporting module exposes a web-accessible endpoint that accepts user-supplied input without adequate sanitization or parameterization. An unauthenticated attacker can embed arbitrary SQL syntax within requests to this endpoint, causing the backend database to execute injected statements. Exploitation grants unrestricted read access to the entire audit repository, user credentials, and system configurations; it also allows record tampering or deletion and can be chained with database privilege-escalation techniques to gain full control of the audit platform. Compromise of the audit trail eliminates the ability to reconstruct security incidents, breaks regulatory evidence chains, and exposes the organization to penalties, legal liability, and reputational damage. |