Date Posted: 2025/07/30
[Vulnerability Alert] SQL Injection Vulnerability in Dayang Technology's WinMatrix3 Web Suite
- Subject: [Vulnerability Alert] SQL Injection Vulnerability in Dayang Technology's WinMatrix3 Web Suite
- Content:
- Forwarded from Taiwan Computer Network Emergency Response Team/Coordination Center TWCERTCC-200-202507-00000016
- [Dayang Technology | WinMatrix3 Web Suite - SQL Injection] (CVE-2025-7918, CVSS: 9.8) A SQL Injection vulnerability exists in the WinMatrix3 Web suite developed by Dayang Technology. Unauthenticated remote attackers can inject arbitrary SQL commands to read, modify, and delete database content.
- Affected Platforms:
- WinMatrix Web versions 1.2.39.5 (inclusive) and earlier
- Recommended Action:
- Update AP to 3.852.5 (Web 1.2.39.5) and install the hotfix, or update AP to AP version 3.9.1 (Web 1.3.1) (inclusive) and later.
- References:
Computer and Communications Center
Network Systems Group
