【Vulnerability Alert】 Hamastar WIMP Website Co-construction Management Platform Has SQL Injection Vulnerability

Date: 2025/06/17

Subject: 【Vulnerability Alert】 Hamastar WIMP Website Co-construction Management Platform Has SQL Injection Vulnerability

Content:
- Forwarded from Taiwan Computer Emergency Response Team/Coordination Center TWCERTCC-200-202506-00000010
- 【Hamastar WIMP Website Co-construction Management Platform - SQL Injection】(CVE-2025-6169, CVSS: 9.8) Hamastar WIMP Website Co-construction Management Platform has a SQL Injection vulnerability. An unauthenticated remote attacker can inject arbitrary SQL commands to read, modify, and delete database content.
Affected Platforms:
- WIMP Website Co-construction Management Platform versions up to and including 5.3.1.34642
Suggested Measures:
- Update to version 5.3.1.34643 (inclusive) or later
References:
- [https://www.twcert.org.tw/tw/cp-132-10183-99ce1-1.html](https://www.twcert.org.tw/tw/cp-132-10183-99ce1-1.html)

Computer and Communications Center
Network Systems Division