CVE-2021-47777

Build Smart ERP 21.0817 - 'eidValue' SQL Injection (Unauthenticated)

CVSS 8.8 HIGHEPSS 0.2%CWE-89

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.8EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

15 Jan 2026Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Build Smart ERP 21.0817 contains an unauthenticated SQL injection vulnerability in the 'eidValue' parameter of the login validation endpoint. Attackers can inject stacked SQL queries using payloads like ';WAITFOR DELAY '0:0:3'-- to manipulate database queries and potentially extract or modify database information.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Affected products

Ribccs · Build Smart ERP

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://ribccs.com/solutions/solution-buildsmart https://www.exploit-db.com/exploits/50445