CVE-2026-37428
Severity CVSS v4.0:
Pending analysis
Type:
CWE-89
SQL Injection
Publication date:
13/05/2026
Last modified:
13/05/2026
Description
qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysDeptMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information (PII).
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM



