Vulnerability Key Information

Vulnerability Title

SQL Injection vulnerability exists in the parameter of the file .

Affected Products and Components

Product: DedeBIZ CMS ( )
Affected Component:

Version

Version: v6.3.2

Vulnerability Description

The parameter is not validated for type and is directly passed to the database query. In subsequent queries, the variable is derived from the untrusted input , allowing attackers to construct malicious SQL statements and execute arbitrary database operations.

Critical Vulnerable Code Snippet

Vulnerability Demonstration

1. On the page, click "Update Select Single page" to trigger .
2. Send a request with the following URL and payload to trigger SQL injection:
   - Request URL:
   - Payload:

Patch Recommendation

Perform strict type validation and input filtering on the parameter to ensure it cannot be used to construct malicious SQL statements. Use prepared statements or parameterized queries to prevent SQL injection.
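
The two measures in the patch recommendation, shown together in PHP as an added example; this is not DedeBIZ code and not taken from the original report. It assumes PHP 8 with PDO and the SQLite driver, and the `pages` table, `parse_id()`, `load_page()` and the sample rows are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: accept only a positive integer, reject everything else
// (strings with trailing SQL, arrays, null) before any query is built.
function parse_id(mixed $raw): int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    return $id;
}

// Hypothetical lookup: the first query and the follow-up query both bind values.
function load_page(PDO $db, mixed $rawId): array
{
    $id = parse_id($rawId);

    $stmt = $db->prepare('SELECT id, title, category FROM pages WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $page = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($page === false) {
        throw new RuntimeException('no such page');
    }

    // This value was reached through the request parameter, so the later
    // query binds it as well instead of concatenating it into the SQL text.
    $stmt = $db->prepare('SELECT COUNT(*) FROM pages WHERE category = :category');
    $stmt->execute([':category' => $page['category']]);
    $page['siblings'] = (int) $stmt->fetchColumn();
    return $page;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, category TEXT)');
$db->exec("INSERT INTO pages (title, category) VALUES ('About', 'info'), ('Contact', 'info'), ('News', 'blog')");

// Constructed inputs: one valid id, one non-integer string, one array.
foreach (['2', '2 OR 1=1', ['2']] as $input) {
    try {
        $page = load_page($db, $input);
        printf("accepted id=%d title=%s siblings=%d\n", $page['id'], $page['title'], $page['siblings']);
    } catch (InvalidArgumentException $e) {
        printf("rejected %s: %s\n", json_encode($input), $e->getMessage());
    }
}
```

Only the first input reaches the database; the other two fail type validation before any statement is prepared.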