ZUUSE BEIMS ContractorWeb .NET Cross-Site Request Forgery Vulnerability

ZUUSE BEIMS ContractorWeb .NET is a suite of infrastructure management software from ZUUSE Australia. A cross-site request forgery vulnerability exists in the /CWEBNET/ authenticated page in ZUUSE BEIMS ContractorWeb .NET version 5.18.0.0. A remote attacker could exploit this vulnerability to...

ZUUSE BEIMS ContractorWeb .NET SQL Injection Vulnerability

ZUUSE BEIMS ContractorWeb .NET is a suite of infrastructure management software from ZUUSE Australia. A SQL injection vulnerability exists in CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET version 5.18.0.0. A remote attacker could exploit this vulnerability to compromise a database or...

CVE-2017-17721

CVE-2017-17721 describes an SQL injection vulnerability in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0, specifically in WEBNET/WOSummary/List (CWEBNET/WOSummary/List). The underlying issue allows injection via multiple parameters: tradestatus, assetno, assignto, building, domain, jobtype, site, trade...