cbcvebase.
CVE-2017-17721
published 2017-12-18

CVE-2017-17721: CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site…

Priority: P261 · critical · 9.8 (CVSS 3.0)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EXPLOIT
EPSS: 3.60% (88.0th percentile)
CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows SQL injection via the tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, or workorderstatus parameter.

Affected

1 range
Vendor: zuuse
Product: beims_contractorweb_net
Version range: (not given)
Fixed in: (not given)

Detection & IOCs (extracted from sources)

Path: /CWEBNET/WOSummary/List
  • Monitor HTTP POST requests to the path /CWEBNET/WOSummary/List for SQL injection payloads in the following parameters: tradestatus, assetno, assignto, building, domain, jobtype, site, trade, woType, workorderno, workorderstatus.
  • Exploitation is performed remotely via HTTP POST method; alert on POST requests to the vulnerable endpoint containing SQL metacharacters or error-based injection patterns in the listed parameters.
  • SQL error responses from the server following a POST to /CWEBNET/WOSummary/List are a strong indicator of active exploitation attempts.
  • The vulnerability specifically affects BEIMS ContractorWeb .NET System version 5.18.0.0; detections should be scoped to this version to reduce false positives.
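A minimal detector for the rules above, added here as an example and not part of the advisory or any vendor tooling; it assumes form-encoded POST bodies, that the backing database is SQL Server (so its standard error strings are the "SQL error responses" to watch for), and that traffic is supplied as (method, path, body, response) records:

```python
import re
from urllib.parse import parse_qs

# Endpoint and parameters named in the CVE description.
VULN_PATH = "/CWEBNET/WOSummary/List"
VULN_PARAMS = {p.lower() for p in (
    "tradestatus", "assetno", "assignto", "building", "domain", "jobtype",
    "site", "trade", "woType", "workorderno", "workorderstatus")}

# SQL metacharacters and keywords worth alerting on in these parameters.
# A lone apostrophe is noisy (names like O'Brien); tune to your traffic.
SQLI_PATTERN = re.compile(r"'|--|;|/\*|\b(?:union|select|waitfor)\b", re.I)
# Assumption: the backing database is SQL Server (the app is .NET); these are
# its standard error strings, which the page flags as an exploitation indicator.
SQL_ERROR_PATTERN = re.compile(
    r"Unclosed quotation mark|Incorrect syntax near|Conversion failed", re.I)

def inspect_request(method, path, body, response_body=""):
    """Return a list of finding tags for one HTTP request/response pair."""
    findings = []
    if method.upper() != "POST" or path.split("?", 1)[0] != VULN_PATH:
        return findings  # only POSTs to the vulnerable endpoint matter
    params = parse_qs(body, keep_blank_values=True)
    for name, values in params.items():
        if name.lower() not in VULN_PARAMS:  # ASP.NET form names are case-insensitive
            continue
        if any(SQLI_PATTERN.search(v) for v in values):
            findings.append(f"sqli-pattern:{name}")
    if SQL_ERROR_PATTERN.search(response_body):
        findings.append("sql-error-response")
    return findings

# Constructed sample traffic (not real captures): method, path, body, response.
SAMPLE_TRAFFIC = [
    ("POST", VULN_PATH, "site=Main+Campus&trade=Electrical&workorderstatus=Open", "<html>ok</html>"),
    ("POST", VULN_PATH, "workorderno=1234%27--&site=Main", "Unclosed quotation mark after the character string"),
    ("GET", VULN_PATH, "workorderno=1234%27--", "<html>ok</html>"),
    ("POST", "/CWEBNET/Other", "site=x%27", "<html>ok</html>"),
]

def scan(traffic):
    """Return (index, findings) for every record that produced a finding."""
    return [(i, f) for i, rec in enumerate(traffic) if (f := inspect_request(*rec))]

if __name__ == "__main__":
    for i, f in scan(SAMPLE_TRAFFIC):
        print(f"record {i}: {', '.join(f)}")
```

Only the second constructed record fires, on both the parameter pattern and the error response; the GET and the POST to another path are ignored.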

CVSS provenance

NVD, CVSS v3.0: 9.8 CRITICAL, CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
NVD, CVSS v2.0: 7.5 HIGH, AV:N/AC:L/Au:N/C:P/I:P/A:P