CNNVD-202507-2607 Information

CNNVD ID

CNNVD-202507-2607

Related CVE

CVE-2025-7343

• CNNVD Published: 2025-07-21

Description (Chinese)

Digiwin SFT是中国鼎捷（Digiwin）公司的一个生产追踪系统。 Digiwin SFT存在SQL注入漏洞，该漏洞源于未经验证的远程攻击者可注入任意SQL命令，可能导致读取、修改和删除数据库内容。

Description (English)

Digiwin SFT is a production tracking system for the company Digiwin in China. Digiwin SFT has an injection loophole in SQL, which stems from the fact that unverified remote assailants can inject any SQL order, which may lead to reading, modifying and deleting the contents of the database.

Hazard Level

Low

Vulnerability Type

SQL注入

Affected Vendor

鼎捷

Published

2025-07-21

Last Modified

2026-02-24

References

https://www.digiwin.com/tw/news/3568.html https://www.twcert.org.tw/en/cp-139-10271-25ea9-2.html https://www.twcert.org.tw/tw/cp-132-10270-83d95-1.html

Patch

https://www.digiwin.com/tw/news/3568.html