CVE-2022-45564 Information

Description

SQL Injection vulnerability in znfit Home improvement ERP management system V50_20220207v42 allows attackers to execute arbitrary sql commands via the userCode parameter to the wechat applet.

Reference

https://github.com/catwj/exp/blob/main/Injected%20by%20Shanghai%20Zhuangmeng%20Information%20Technology%20Co.%2C%20Ltd.md