[Vulnerability Alert] SQL Injection Vulnerability Exists in SFT Developed by Digital China

Date Posted: 2025/07/31

Subject: [Vulnerability Alert] SQL Injection Vulnerability Exists in SFT Developed by Digital China

Content:
- Forwarded from Taiwan Computer Network Emergency Response Team/Coordination Center TWCERTCC-200-202507-00000018
- [Digital China | SFT - SQL Injection] (CVE-2025-7343, CVSS: 9.8) A SQL Injection vulnerability exists in SFT developed by Digital China. An unauthenticated remote attacker can inject arbitrary SQL commands to access, modify, or delete database content.
Affected Platforms:
- SFT version 3.7.12 (inclusive) and earlier
Recommended Action:
- Update to version 3.7.4.5 (inclusive) or later and install patch KB202505001
References:
- https://www.twcert.org.tw/tw/cp-132-10270-83d95-1.html

Computer and Communications Center
Network Systems Group