CVE-2017-17721

CRITICAL

Zuuse Beims Contractorweb .net - SQL Injection

Title source: rule

Description

CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorderstatus parameter.

Exploits (1)

exploitdb WRITEUP

by Rajwinder Singh · textwebappswindows

https://www.exploit-db.com/exploits/43379

View Code ZIP pw:eip

References (6)

[Various Sources] https://www.cyber-security.ro/blog/2017/12/20/beims-contractorweb-5-18-0-0-sql-injection/

[Various Sources] https://0day.today/exploit/29277

[Issue Tracking, Third Party Advisory] https://becomepentester.blogspot.com/2017/12/ZUUSE-BEIMS-ContractorWeb-SQLInjection-CVE-2017-17721.html

[Exploit, Third Party Advisory] https://packetstormsecurity.com/files/145511/BEIMS-ContractorWeb-5.18.0.0-SQL-Injection.html

[Issue Tracking, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/43379/

[Issue Tracking] https://cxsecurity.com/issue/WLB-2017120155

Scores

CVSS v3 9.8

EPSS 0.0694

EPSS Percentile 91.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

zuuse/beims_contractorweb_.net 5.18.0.0

Published Dec 18, 2017

Tracked Since Feb 18, 2026