PT-2025-32335 · Wanzhou · Woes Intelligent Optimization Energy Saving System
Cgs1234
·
Published
2025-08-08
·
Updated
2025-09-03
·
CVE-2025-8703
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Wanzhou WOES Intelligent Optimization Energy Saving System version 1.0
Description
A critical vulnerability exists in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0, specifically within the Environmental Real-Time Data Module. The vulnerability is a SQL injection, triggered by manipulating the
energyId argument in the /WEAS HomePage/GetAreaTrendChartData API endpoint. This allows for remote attacks. The exploit for this issue has been publicly disclosed.Recommendations
As a temporary workaround, restrict access to the
/WEAS HomePage/GetAreaTrendChartData API endpoint.
Sanitize the energyId argument to prevent SQL injection.Exploit
Fix
SQL injection
Special Elements Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Woes Intelligent Optimization Energy Saving System