SQL Injection vulnerability in Tongtianxing Technology Co., Ltd CMSV6 v.7.31.0.2 through v.7.31.0.3 allows a remote attacker to escalate privileges and obtain sensitive information via the ids parameter.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.