Vulnerability Description
CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorderstatus parameter.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Zuuse | Beims Contractorweb .Net | 5.18.0.0 |
Related Weaknesses (CWE)
References
- https://0day.today/exploit/29277
- https://becomepentester.blogspot.com/2017/12/ZUUSE-BEIMS-ContractorWeb-SQLInjectIssue TrackingThird Party Advisory
- https://cxsecurity.com/issue/WLB-2017120155
- https://packetstormsecurity.com/files/145511/BEIMS-ContractorWeb-5.18.0.0-SQL-In
- https://www.cyber-security.ro/blog/2017/12/20/beims-contractorweb-5-18-0-0-sql-i
- https://www.exploit-db.com/exploits/43379/Issue TrackingThird Party AdvisoryVDB Entry
- https://0day.today/exploit/29277
- https://becomepentester.blogspot.com/2017/12/ZUUSE-BEIMS-ContractorWeb-SQLInjectIssue TrackingThird Party Advisory
- https://cxsecurity.com/issue/WLB-2017120155
- https://packetstormsecurity.com/files/145511/BEIMS-ContractorWeb-5.18.0.0-SQL-In
- https://www.cyber-security.ro/blog/2017/12/20/beims-contractorweb-5-18-0-0-sql-i
- https://www.exploit-db.com/exploits/43379/Issue TrackingThird Party AdvisoryVDB Entry
FAQ
What is CVE-2017-17721?
CVE-2017-17721 is a vulnerability with a CVSS score of 9.8 (CRITICAL). CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorder...
How severe is CVE-2017-17721?
CVE-2017-17721 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-17721?
Check the references section above for vendor advisories and patch information. Affected products include: Zuuse Beims Contractorweb .Net.