Simmeth System Supplier Manager is a supply chain software from Simmeth System GmbH, Germany.A SQL injection vulnerability exists in versions prior to Simmeth System GmbH Supplier Manager 5.6. The vulnerability stems from the application’s lack of validation of externally entered SQL statements, which could be exploited by an attacker to can use this vulnerability to inject raw SQL queries and execute arbitrary commands on the MSSQL server via the xp_cmdshell extension process.