PT-2025-47106 · Unknown · Beims Contractor Web
Nicholas Page · Published 2025-11-16 · Updated 2025-11-17 · CVE-2025-10460
CVSS v2.0: 9.7 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:P
Name of the Vulnerable Software and Affected Versions
BEIMS Contractor Web versions prior to 5.7.139
Description
A SQL Injection issue exists in BEIMS Contractor Web, a legacy product that is no longer maintained or patched by the vendor. This allows an unauthorized user to retrieve sensitive database contents through unsanitized parameter input. The issue occurs due to improper input validation on the /BEIMSWeb/contractor.asp endpoint. Successful exploitation requires the contractor.asp endpoint to be open to the internet and allows attackers to execute arbitrary SQL commands, potentially compromising the confidentiality, integrity, and availability of the database.
Recommendations
Versions prior to 5.7.139 are vulnerable. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
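Since exploitation depends on /BEIMSWeb/contractor.asp being reachable from the internet and no fixed version is known, one practical check is whether external clients have reached that endpoint. The following is an added example, not part of the advisory or any vendor material: it assumes IIS W3C extended logs with a #Fields header, an "internal" address list that must be adapted to the site, and a constructed sample log with a made-up parameter name.

```python
import ipaddress
import re

ENDPOINT = "/beimsweb/contractor.asp"  # path from the advisory, lowercased
# Assumption: these ranges count as "internal"; adjust to the site's address plan.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
             "127.0.0.0/8", "::1/128", "fc00::/7")]
# Coarse heuristic for SQL metacharacters/keywords in the query string.
SUSPICIOUS = re.compile(r"('|%27|--|%2d%2d|;|%3b|\bunion\b|\bselect\b)", re.I)

def external_hits(lines):
    """Return (date, time, client_ip, suspicious) for each request to the
    endpoint that came from a client outside INTERNAL."""
    fields, hits = [], []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]       # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        if row.get("cs-uri-stem", "").lower() != ENDPOINT:
            continue
        try:
            ip = ipaddress.ip_address(row.get("c-ip", ""))
        except ValueError:
            continue                        # malformed row, skip it
        if any(ip in net for net in INTERNAL):
            continue
        query = row.get("cs-uri-query", "-")
        hits.append((row.get("date"), row.get("time"), str(ip),
                     bool(SUSPICIOUS.search(query))))
    return hits

# Constructed sample log (not real traffic); the parameter name is made up.
SAMPLE = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2025-11-17 09:00:01 GET /BEIMSWeb/contractor.asp - 10.1.2.3 200
2025-11-17 09:00:05 GET /BEIMSWeb/contractor.asp param=1 203.0.113.7 200
2025-11-17 09:00:09 GET /BEIMSWeb/contractor.asp param=1%27 198.51.100.9 500
2025-11-17 09:00:12 GET /BEIMSWeb/default.asp - 203.0.113.7 200
""".splitlines()

if __name__ == "__main__":
    for hit in external_hits(SAMPLE):
        print(hit)
```

Any row returned means the endpoint was reached from outside the listed internal ranges; rows with the last field set to True also carried SQL-like characters in the query string and deserve a closer look.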
RCE
Affected Products
Beims Contractor Web