CRITICAL
Feijiu Medical Technology Co., Ltd.
CVE published 2025-08-27
CVE-2025-34162
An unauthenticated SQL injection vulnerability in the Bian Que Feijiu Intelligent Emergency and Quality Control System allows attackers to execute arbitrary SQL commands via the strOpid parameter in the GetLyfsByParams endpoint. The vulnerability resides in the /AppService/BQMedical/WebServiceForFirstaidApp.asmx interface and was first observed in active exploitation by the Shadowserver Foundation on 2025 [truncated]