RIB Build Smart ERP SQL Injection Vulnerability in Login Validation Endpoint

Vulnerability

An unauthenticated SQL injection vulnerability has been identified in RIB Build Smart ERP version 21.0817. The issue resides in the 'eidValue' parameter of the login validation endpoint, which passes attacker-controlled input into a database query in a way that permits stacked queries: an attacker can terminate the intended statement and append further SQL statements of their own. This could allow the extraction or modification of database information without any credentials.

Impact

Exploitation of this vulnerability gives an unauthenticated attacker SQL injection against the application's database. Because stacked queries are possible, the attacker is not limited to altering the result of the login query: any additional statement the database user is permitted to run can be appended, so both reading and altering database information are in scope.

Reproduction

To reproduce this vulnerability, send a POST request to the login validation endpoint with the 'eidValue' parameter set to a payload that closes the original statement and appends a stacked query, for example one containing 'WAITFOR DELAY' (a Microsoft SQL Server statement) to test the injection without touching data. The application is vulnerable if the response is delayed by the requested interval, which shows that the injected statement reached the database and was executed. Compare against the response time of a benign request so that ordinary server latency is not mistaken for a successful delay.

Added: Jan 15, 2026, 4:31 PM
Updated: Jan 15, 2026, 4:31 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.0
exploitability: 8.7
remediation: 0.0
relevance: 2.0
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.