CVE-2017-17721

CRITICAL

ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 - SQL Injection via Multiple Parameters

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-17721. PoCs published by Rajwinder Singh.

AI-analyzed exploit summary This is a writeup detailing SQL injection vulnerabilities in BEIMS ContractorWeb .NET System 5.18.0.0 via multiple POST parameters. It describes the vulnerability, impact, and proof-of-concept steps but does not include actual exploit code.

Description

CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorderstatus parameter.

Exploits (1)

exploitdb WRITEUP
by Rajwinder Singh · textwebappswindows
https://www.exploit-db.com/exploits/43379

This is a writeup detailing SQL injection vulnerabilities in BEIMS ContractorWeb .NET System 5.18.0.0 via multiple POST parameters. It describes the vulnerability, impact, and proof-of-concept steps but does not include actual exploit code.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: BEIMS ContractorWeb .NET System 5.18.0.0
No auth needed
Prerequisites: Access to the vulnerable endpoint · Ability to send crafted POST requests
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
Issue Tracking, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/43379/
Various Sources x_refsource_misc
https://0day.today/exploit/29277
Issue Tracking x_refsource_misc
https://cxsecurity.com/issue/WLB-2017120155

Scores

CVSS v3 9.8
EPSS 0.0360
EPSS Percentile 87.9%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
zuuse/beims_contractorweb_.net 5.18.0.0
Published Dec 18, 2017
Tracked Since Feb 18, 2026