CVE-2025-34162 Bian Que Feijiu Intelligent Emergency and Quality Control System SQL Injection via GetLyfsByParams

🗓️ 27 Aug 2025 21:22:34Reported by VulnCheckType

CVE-2025-34162: Unauthenticated SQL injection in GetLyfsByParams (strOpid) of the Firstaid App web service; may exfiltrate data and bypass authentication.

Reporter	Title	Published	Views	Family All 10
ATTACKERKB	CVE-2025-34162	27 Aug 202521:22	–	attackerkb
Circl	CVE-2025-34162	29 Aug 202521:02	–	circl
CNNVD	Bian Que Feijiu Intelligent Emergency and Quality Control System 安全漏洞	27 Aug 202500:00	–	cnnvd
CVE	CVE-2025-34162	27 Aug 202521:22	–	cve
EUVD	EUVD-2025-26059	3 Oct 202520:07	–	euvd
NVD	CVE-2025-34162	27 Aug 202522:15	–	nvd
Positive Technologies	PT-2025-34944	27 Aug 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-34162	30 Aug 202518:18	–	redhatcve
VulnCheck KEV	VulnCheck KEV: CVE-2025-34162	23 Jul 202500:00	–	vulncheck_kev
Vulnrichment	CVE-2025-34162 Bian Que Feijiu Intelligent Emergency and Quality Control System SQL Injection via GetLyfsByParams	27 Aug 202521:22	–	vulnrichment

[
  {
    "defaultStatus": "unknown",
    "modules": [
      "/AppService/BQMedical/WebServiceForFirstaidApp.asmx",
      "GetLyfsByParams"
    ],
    "product": "Bian Que Feijiu Intelligent Emergency and Quality Control System",
    "vendor": "Feijiu Medical Technology Co., Ltd.",
    "versions": [
      {
        "lessThanOrEqual": "pre-June 2025 builds",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
cn-sec	www.cn-sec.com/archives/4160402.html
ivtbq	www.ivtbq.com/
github	www.github.com/wooluo/nuclei-templates-2025hw/blob/main/bianque-medical-sql-injection.yaml
vulncheck	www.vulncheck.com/advisories/bian-que-feiju-intelligent-emergency-and-quality-control-system-sqli

26 May 2026 11:51Current

CVSS 49.3

EPSS0.0071

CWE-89