Vulnerability Information
Vulnerability Title
Unsanitized parameter input leading to SQL Injection vulnerability
Vulnerability Description
A SQL Injection vulnerability on an endpoint in BEIMS Contractor Web, a legacy product that is no longer maintained or patched by the vendor, allows an unauthorised user to retrieve sensitive database contents via unsanitized parameter input. This vulnerability occurs due to improper input validation on the /BEIMSWeb/contractor.asp endpoint, and successful exploitation requires a contractor.asp endpoint open to the internet. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity and potentially the availability of the database. Version 5.7.139 has been confirmed as vulnerable. Other versions have not been confirmed by the vendor and users should assume that all versions of BEIMS Contractor Web may be impacted until further guidance is provided by the vendor.
CVSS Information
N/A
Vulnerability Type
Improper Input Validation
Vulnerability Title
FMI BEIMS Contractor Web Security Vulnerability
Vulnerability Description
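FMI BEIMS Contractor Web is a module of a facility management system from the Australian company FMI. FMI BEIMS Contractor Web version 5.7.139 contains a security vulnerability that stems from improper input validation on the /BEIMSWeb/contractor.asp endpoint and may lead to SQL injection attacks.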
CVSS Information
N/A
Vulnerability Type
N/A