[Vulnerability Alert] SQL Injection Vulnerability in HAMASTAR Technology WIMP Web Co-construction Management Platform

publish date : 2025-06-19 update date : 2025-06-19

Source: Ministry of education information & communication security contingency platform

Publication Number TACERT-ANA-2025061709061212 Publication Time 2025/06/17 09:07
Incident Type ANA-Vulnerability Alert Discovery Time 2025/06/17 09:07
Impact Level Low  
[Subject]
[Vulnerability Alert] SQL Injection Vulnerability in HAMASTAR Technology WIMP Web Co-construction Management Platform
[Content]
Forwarded from TWCERTCC-200-202506-00000010

HAMASTAR Technology WIMP Web Co-construction Management Platform – SQL Injection (CVE-2025-6169, CVSS: 9.8) A SQL injection vulnerability has been discovered in the WIMP platform developed by HAMASTAR Technology. This vulnerability allows unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, or delete database contents.

Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform]
WIMP Web Co-construction Management Platform versions up to and including 5.3.1.34642
[Recommended Actions]
Update to version 5.3.1.34643 or later
[Reference]
https://www.twcert.org.tw/tw/cp-132-10183-99ce1-1.html
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center