25 matches found
CVE-2025-10460
A SQL Injection vulnerability on an endpoint in BEIMS Contractor Web, a legacy product that is no longer maintained or patched by the vendor, allows an unauthorised user to retrieve sensitive database contents via unsanitized parameter input. This vulnerability occurs due to improper input...
CVE-2025-10460
A SQL Injection vulnerability on an endpoint in BEIMS Contractor Web, a legacy product that is no longer maintained or patched by the vendor, allows an unauthorised user to retrieve sensitive database contents via unsanitized parameter input. This vulnerability occurs due to improper input...
EUVD-2025-197751
A SQL Injection vulnerability on an endpoint in BEIMS Contractor Web, a legacy product that is no longer maintained or patched by the vendor, allows an unauthorised user to retrieve sensitive database contents via unsanitized parameter input. This vulnerability occurs due to improper input...
CVE-2025-10460
Summary: CVE-2025-10460 is a SQL Injection vulnerability in FMI/BEIMS Contractor Web. Affected component: the /BEIMSWeb/contractor.asp endpoint on BEIMS Contractor Web (version 5.7.139 is confirmed vulnerable). Root cause: improper input validation leading to unsanitized parameter input that can ...
FMI BEIMS Contractor Web 安全漏洞
FMI BEIMS Contractor Web is a module for a facility management system from FMI Australia. A security vulnerability exists in FMI BEIMS Contractor Web version 5.7.139, which originates from improper validation of /BEIMSWeb/contractor.asp endpoint inputs and could lead to a SQL injection attack...
Code injection
ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows access to various /UserManagement/ privileged modules without authenticating the user; an attacker can misuse these functionalities to perform unauthorized actions, as demonstrated by Edit User Details...
CVE-2018-5329
ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 is vulnerable to Cross-Site Request Forgery CSRF on /CWEBNET/ authenticated pages. A successful CSRF attack can force the user to modify state: creating users, changing an email address, and so forth. If the victim is an administrative account, CSRF can...
CVE-2018-5329
ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 is vulnerable to Cross-Site Request Forgery CSRF on /CWEBNET/ authenticated pages. A successful CSRF attack can force the user to modify state: creating users, changing an email address, and so forth. If the victim is an administrative account, CSRF can...
Cross site request forgery (csrf)
ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 is vulnerable to Cross-Site Request Forgery CSRF on /CWEBNET/ authenticated pages. A successful CSRF attack can force the user to modify state: creating users, changing an email address, and so forth. If the victim is an administrative account, CSRF can...
CVE-2018-5328
ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows access to various /UserManagement/ privileged modules without authenticating the user; an attacker can misuse these functionalities to perform unauthorized actions, as demonstrated by Edit User Details...
CVE-2018-5328
ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows access to various /UserManagement/ privileged modules without authenticating the user; an attacker can misuse these functionalities to perform unauthorized actions, as demonstrated by Edit User Details...
CVE-2018-5328
ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows access to various /UserManagement/ privileged modules without authenticating the user; an attacker can misuse these functionalities to perform unauthorized actions, as demonstrated by Edit User Details...
CVE-2018-5328
CVE-2018-5328 affects ZUUSE BEIMS ContractorWeb .NET 5.18.0.0. The vulnerability allows access to multiple /UserManagement/ privileged modules without user authentication, enabling an attacker to perform unauthorized actions (demonstrated by editing user details). The root cause is insufficient a...
CVE-2018-5329
ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 is vulnerable to Cross-Site Request Forgery CSRF on /CWEBNET/ authenticated pages. A successful CSRF attack can force the user to modify state: creating users, changing an email address, and so forth. If the victim is an administrative account, CSRF can...
CVE-2018-5329
CVE-2018-5329 concerns ZUUSE BEIMS ContractorWeb .NET 5.18.0.0, with a CSRF vulnerability on authenticated “/CWEBNET/” pages. The root cause is cross-site request forgery that can force state-changing actions such as creating users or changing an email, potentially compromising the web applicatio...
BEIMS ContractorWeb 5.18.0.0 SQL Injection
Exploit Title: SQL Injection Date: 18 December, 2017 Exploit Author: Rajwinder Singh Vendor Homepage: http://www.beims.com/products/ Software Link: http://www.beims.com/optional-modules/ccw Version: BEIMS ContractorWeb .NET System 5.18.0.0 CVE : 2017-17721 Vulnerability Details:...
BEIMS ContractorWeb 5.18.0.0 - SQL Injection
BEIMS ContractorWeb 5.18.0.0 - SQL Injection Exploit Title: SQL Injection Date: 18 December, 2017 Exploit Author: Rajwinder Singh Vendor Homepage: http://www.beims.com/products/ Software Link: http://www.beims.com/optional-modules/ccw Version: BEIMS ContractorWeb .NET System 5.18.0.0 CVE :...
ZUUSE BEIMS ContractorWeb .NET SQL Injection Vulnerability
ZUUSE BEIMS ContractorWeb .NET is a suite of infrastructure management software from ZUUSE Australia. A SQL injection vulnerability exists in CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET version 5.18.0.0. A remote attacker could exploit this vulnerability to compromise a database or...
BEIMS ContractorWeb 5.18.0.0 - SQL Injection Vulnerability
Exploit for windows platform in category web applications Exploit Title: SQL Injection Date: 18 December, 2017 Exploit Author: Rajwinder Singh Vendor Homepage: http://www.beims.com/products/ Software Link: http://www.beims.com/optional-modules/ccw Version: BEIMS ContractorWeb .NET System 5.18.0.0...
BEIMS ContractorWeb 5.18.0.0 - SQL Injection
Exploit Title: SQL Injection Date: 18 December, 2017 Exploit Author: Rajwinder Singh Vendor Homepage: http://www.beims.com/products/ Software Link: http://www.beims.com/optional-modules/ccw Version: BEIMS ContractorWeb .NET System 5.18.0.0 CVE : 2017-17721 Vulnerability Details:...