Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Bian Que Feijiu Intelligent Emergency and Quality Control System SQL Injection via GetLyfsByParams
Vulnerability Description
An unauthenticated SQL injection vulnerability exists in the GetLyfsByParams endpoint of Bian Que Feijiu Intelligent Emergency and Quality Control System, accessible via the /AppService/BQMedical/WebServiceForFirstaidApp.asmx interface. The backend fails to properly sanitize user-supplied input in the strOpid parameter, allowing attackers to inject arbitrary SQL statements. This can lead to data exfiltration, authentication bypass, and potentially remote code execution, depending on backend configuration. The vulnerability is presumed to affect builds released prior to June 2025 and is said to be remediated in newer versions of the product, though the exact affected range remains undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-07-23 UTC.
CVSS Information
N/A
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Bian Que Feijiu Intelligent Emergency and Quality Control System 安全漏洞
Vulnerability Description
Bian Que Feijiu Intelligent Emergency and Quality Control System(扁鹊飞救智能急救与质控系统)是中国扁鹊飞救(Bian Que Feijiu)公司的一款基于大急救与区域协同救治理念的急救管理系统。 Bian Que Feijiu Intelligent Emergency and Quality Control System存在安全漏洞,该漏洞源于GetLyfsByParams端点未清理strOpid参数,可能导致SQL注入攻击。
CVSS Information
N/A
Vulnerability Type
N/A