PT-2025-12370 · Centralsquare · Etrakit.Net
Published
2025-03-20
·
Updated
2025-03-21
·
CVE-2025-29980
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
eTRAKiT.Net version 3.2.1.77
Description
A SQL injection issue has been discovered due to improper input validation, allowing a remote unauthenticated attacker to run arbitrary commands as the current MS SQL server account.
Recommendations
For eTRAKiT.Net version 3.2.1.77, it is recommended that the CRM feature is turned off.
Users are recommended to migrate to the latest version of CentralSquare Community Development, as eTRAKiT.Net is no longer supported.
Fix
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Etrakit.Net