CVE 5.3 MEDIUM

Wanzhou WOES Intelligent Optimization Energy Saving System Historical Data Query Module GetVariableByOneIDNew sql injection_CVE-2025-8702

August 7, 2025 invoker category_cve
5.3 / 10
MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability classified as critical has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. This affects an unknown part of the file /CommonSolution/GetVariableByOneIDNew of the component Historical Data Query Module. The manipulation of the argument ObjectID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

AI Analysis

A critical SQL injection vulnerability exists in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0, allowing remote attackers to inject malicious SQL code via the ObjectID argument in the GetVariableByOneIDNew function of the Historical Data Query Module.

Basic Information

ID CVE-2025-8702
Source VulDB
Published Aug 7, 2025 at 23:32

Affected Product

Vendor Wanzhou
Product WOES Intelligent Optimization Energy Saving System
Version 1.0
Affected Versions Wanzhou WOES Intelligent Optimization Energy Saving System 1.0

CWE Classification

CWE-89 CWE-74

AI Assessment

AI Severity High
Vendor Wanzhou
Product WOES Intelligent Optimization Energy Saving System
Version 1.0

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.