【Vulnerability Alert】 Hamastar WIMP Website Co-construction Management Platform Has SQL Injection Vulnerability

• Subject: 【Vulnerability Alert】 Hamastar WIMP Website Co-construction Management Platform Has SQL Injection Vulnerability

• Content:
  • Forwarded from Taiwan Computer Emergency Response Team/Coordination Center TWCERTCC-200-202506-00000010
  • 【Hamastar WIMP Website Co-construction Management Platform - SQL Injection】(CVE-2025-6169, CVSS: 9.8) Hamastar WIMP Website Co-construction Management Platform has a SQL Injection vulnerability. An unauthenticated remote attacker can inject arbitrary SQL commands to read, modify, and delete database content.
• Affected Platforms:
  • WIMP Website Co-construction Management Platform versions up to and including 5.3.1.34642
• Suggested Measures:
  • Update to version 5.3.1.34643 (inclusive) or later
• References:
  • [https://www.twcert.org.tw/tw/cp-132-10183-99ce1-1.html](https://www.twcert.org.tw/tw/cp-132-10183-99ce1-1.html)

Computer and Communications Center
Network Systems Division