Forwarded from the Taiwan Computer Emergency Response Team / Coordination Center (TWCERT/CC): TWCERTCC-200-202507-00000016
[Description]
[Simopro Technology | WinMatrix3 Web package - SQL Injection] (CVE-2025-7918, CVSS: 9.8) The WinMatrix3 Web package developed by Simopro Technology contains a SQL injection vulnerability. An unauthenticated remote attacker can inject arbitrary SQL commands to read, modify, and delete database contents.
[Affected Platforms]
● WinMatrix Web 1.2.39.5 and earlier versions
[Recommended Measures]
Update AP to 3.852.5 (Web 1.2.39.5) and install the hotfix, or update AP to 3.9.1 (Web 1.3.1) or a later version.
[References]
https://www.twcert.org.tw/tw/cp-132-10259-b4b38-1.html