Key Information Vulnerability Type: SQL Injection Vulnerability Affected System: Shikong Zhiyou ERP's sqlresult interface System Fingerprint Status: System fingerprint status indicates over a thousand users are using this system globally. Vulnerability Analysis: - In the class, there is a method that receives an external parameter "sql". - The external SQL parameter is executed directly at this location, leading to SQL injection. - The parameter in the constructor is a JSONObject, requiring additional key-value pairs to be embedded. Example Code Snippets setFieldValue Method getFieldValue Method Notes In the constructor, the parameter is a JSONObject, requiring additional key-value pairs to be embedded. ```json { "param": "value", "sql": "select * from version" }