CNNVD-202601-2909 Information

CNNVD ID

CNNVD-202601-2909

Related CVE

CVE-2026-1050

• CNNVD Published: 2026-01-17

Description (Chinese)

Digital-Infrastructure是有生软件（Risesoft）开源的一款管理支撑平台。 Digital-Infrastructure 9.6.7及之前版本存在SQL注入漏洞，该漏洞源于对文件source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java中组件REST Authenticate Endpoint的错误操作，可能导致SQL注入攻击。

Description (English)

Digital-Infrastructure is a management support platform for the open source of raw software (Risesoft). Digital-Infrastructure 9.6.7 and earlier versions had an injection loophole in SQL, which had originated from an error in the operation of the component of document source-code/src/main/java/net/risesoft/util/Y9PlatformUtil.java, which could have led to an attack on SQL.

Hazard Level

Medium

Vulnerability Type

SQL注入

Affected Vendor

有生软件

Published

2026-01-17

Last Modified

2026-02-24

References

https://github.com/risesoft-y9/Digital-Infrastructure/issues/2#issue-3777863959 https://vuldb.com/?id.341603 https://vuldb.com/?submit.731010 https://vuldb.com/?ctiid.341603 https://access.redhat.com/security/cve/cve-2026-1050