CVE 5.3 MEDIUM

Wanzhou WOES Intelligent Optimization Energy Saving System Energy Overview Module CreateFunctionLog sql injection_CVE-2025-8706

August 7, 2025 invoker category_cve
5.3 / 10
MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability has been found in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /CommonSolution/CreateFunctionLog of the component Energy Overview Module. The manipulation of the argument MM_MenID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

AI Analysis

A SQL injection vulnerability in Wanzhou WOES Intelligent Optimization Energy Saving System's Energy Overview Module allows remote attackers to inject malicious SQL code via the MM_MenID argument in the CreateFunctionLog function. This could lead to unauthorized data access and system manipulation.

Basic Information

ID CVE-2025-8706
Source VulDB
Published Aug 8, 2025 at 01:32

Affected Product

Vendor Wanzhou
Product WOES Intelligent Optimization Energy Saving System
Version 1.0
Affected Versions Wanzhou WOES Intelligent Optimization Energy Saving System 1.0

CWE Classification

CWE-89 CWE-74

AI Assessment

AI Severity Medium
Vendor Wanzhou
Product WOES Intelligent Optimization Energy Saving System
Version 1.0

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.