PT-2025-32335 · Wanzhou · Woes Intelligent Optimization Energy Saving System

Cgs1234

·

Publicado

2025-08-08

·

Atualizado

2025-09-03

·

CVE-2025-8703

CVSS v3.1

8.8

Alta

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Wanzhou WOES Intelligent Optimization Energy Saving System version 1.0
Description A critical vulnerability exists in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0, specifically within the Environmental Real-Time Data Module. The vulnerability is a SQL injection, triggered by manipulating the energyId argument in the /WEAS HomePage/GetAreaTrendChartData API endpoint. This allows for remote attacks. The exploit for this issue has been publicly disclosed.
Recommendations As a temporary workaround, restrict access to the /WEAS HomePage/GetAreaTrendChartData API endpoint. Sanitize the energyId argument to prevent SQL injection.

Exploit

Correção

SQL injection

Special Elements Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-89CWE-74

Identificadores relacionados

CVE-2025-8703

Produtos afetados

Woes Intelligent Optimization Energy Saving System