PT-2025-32325 · Wanzhou · Woes Intelligent Optimization Energy Saving System

Cgs1234

·

Publicado

2025-08-07

·

Atualizado

2025-09-03

·

CVE-2025-8702

CVSS v3.1

8.8

Alta

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Wanzhou WOES Intelligent Optimization Energy Saving System version 1.0
Description A critical issue exists in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0, specifically within the Historical Data Query Module. The vulnerability is a SQL injection, triggered by manipulating the ObjectID argument in the /CommonSolution/GetVariableByOneIDNew file. This allows for remote exploitation. The exploit details have been publicly disclosed.
Recommendations As a temporary workaround, consider restricting access to the /CommonSolution/GetVariableByOneIDNew file to minimize the risk of exploitation. Sanitize the ObjectID argument to prevent SQL injection attacks.

Exploit

Correção

Special Elements Injection

SQL injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-74CWE-89

Identificadores relacionados

CVE-2025-8702

Produtos afetados

Woes Intelligent Optimization Energy Saving System