CVE-2025-34162

🗓️ 27 Aug 2025 21:22:34Reported by VulnCheckType

cve🔗 web.nvd.nist.gov👁 13 Views🌐 WEB

Unauthenticated SQL injection in GetLyfsByParams via strOpid; can exfiltrate data or bypass authentication; affects pre-June 2025 builds.

Reporter	Title	Published	Views	Family All 10
ATTACKERKB	CVE-2025-34162	27 Aug 202521:22	–	attackerkb
Circl	CVE-2025-34162	29 Aug 202521:02	–	circl
CNNVD	Bian Que Feijiu Intelligent Emergency and Quality Control System 安全漏洞	27 Aug 202500:00	–	cnnvd
Cvelist	CVE-2025-34162 Bian Que Feijiu Intelligent Emergency and Quality Control System SQL Injection via GetLyfsByParams	27 Aug 202521:22	–	cvelist
EUVD	EUVD-2025-26059	3 Oct 202520:07	–	euvd
NVD	CVE-2025-34162	27 Aug 202522:15	–	nvd
Positive Technologies	PT-2025-34944	27 Aug 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-34162	30 Aug 202518:18	–	redhatcve
VulnCheck KEV	VulnCheck KEV: CVE-2025-34162	23 Jul 202500:00	–	vulncheck_kev
Vulnrichment	CVE-2025-34162 Bian Que Feijiu Intelligent Emergency and Quality Control System SQL Injection via GetLyfsByParams	27 Aug 202521:22	–	vulnrichment

Vulners

Node

feijiu_medical_technology bian_que_feijiu_intelligent_emergency_and_quality_control_systemRange0–pre-june 2025

[
  {
    "defaultStatus": "unknown",
    "modules": [
      "/AppService/BQMedical/WebServiceForFirstaidApp.asmx",
      "GetLyfsByParams"
    ],
    "product": "Bian Que Feijiu Intelligent Emergency and Quality Control System",
    "vendor": "Feijiu Medical Technology Co., Ltd.",
    "versions": [
      {
        "lessThanOrEqual": "pre-June 2025 builds",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
cn-sec	www.cn-sec.com/archives/4160402.html
ivtbq	www.ivtbq.com/
github	www.github.com/wooluo/nuclei-templates-2025hw/blob/main/bianque-medical-sql-injection.yaml
vulncheck	www.vulncheck.com/advisories/bian-que-feiju-intelligent-emergency-and-quality-control-system-sqli

Parameter	Position	Path	Description	CWE
strOpid	request body	AppService/BQMedical/WebServiceForFirstaidApp.asmx/GetLyfsByParams	Unauthenticated SQL injection in GetLyfsByParams via strOpid parameter	CWE-89

26 May 2026 14:16Current

6.3Medium risk

Vulners AI Score6.3

CVSS 49.3

EPSS0.0071

SSVC