SQL Injection Vulnerability in Wanzhou WOES Intelligent Optimization Energy Saving System
CVE-2025-8702

6.3MEDIUM

Key Information:

Vendor: Wanzhou
Status: WOES Intelligent Optimization Energy Saving System
Vendor: CVE Published:; 8 August 2025

What is CVE-2025-8702?

A security flaw has been identified in the Wanzhou WOES Intelligent Optimization Energy Saving System version 1.0. This vulnerability affects the Historical Data Query Module, specifically in the /CommonSolution/GetVariableByOneIDNew file. Through the manipulation of the ObjectID argument, an attacker can exploit this weakness to execute SQL injection attacks remotely. The nature of the vulnerability has been made public, and exploitation is considered feasible, making it essential for users to address this security issue promptly.

References

https://github.com/si12/xxx/issues/2

https://vuldb.com/?ctiid.319131

https://vuldb.com/?id.319131

CVSS V3.1

Score:

6.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 8, 2025