2026-01-15 15:52:14
VulnCheck
PUBLISHED
Build Smart ERP 21.0817 contains an unauthenticated SQL injection vulnerability in the eidValue parameter of the login validation endpoint. Attackers can inject stacked SQL queries using payloads like ;WAITFOR DELAY 0:0:3-- to manipulate database queries and potentially extract or modify database information.