CVE-2026-37428

EUVD-2026-29946
qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information (PII).
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://gist.github.com/Y4y17/6587147a37eba5b31de832e067f317ef
https://github.com/Y4y17/CVE/blob/main/%E5%90%AF%E8%88%AA%E7%94%B5%E5%95%86WMS/SQL%20injection%20vulnerability-1.md