Alexandre Zanni

Researcher fromSynacktiv
#13048of 53,624
20.4Total CVSS
Vulnerabilities · 3
Medium
1
High
2
PT-2025-28034
7.8
2025-07-04
Netmaker · Netmake Scriptcase · CVE-2025-47227
**Name of the Vulnerable Software and Affected Versions** Netmake ScriptCase versions prior to 9.12.006 (23) **Description** The Production Environment extension contains a flaw in the administrator password reset mechanism. An unauthenticated remote attacker can bypass authentication and take over the administrator account by sending specifically crafted GET and POST requests to the 'login.php' endpoint. This issue may be chained with other flaws to achieve remote code execution (RCE), which is the ability to execute arbitrary commands on the target server. **Recommendations** Update to a version later than 9.12.006 (23). As a temporary mitigation, implement immediate access restrictions to the production console.
PT-2025-28035
7.8
2025-07-04
Unknown · Scriptcase · CVE-2025-47228
Name of the Vulnerable Software and Affected Versions: Netmake ScriptCase versions 9.12.006 and earlier Description: The issue allows authenticated attackers to execute system commands via crafted HTTP requests due to shell injection in the SSH connection settings. Additionally, there is a mishandled Administrator password reset mechanism that can be exploited by making both a GET and a POST request to "login.php", allowing an unauthenticated attacker to bypass authentication via administrator account takeover. Recommendations: For versions 9.12.006 and earlier, as a temporary workaround, consider disabling the SSH connection settings in the Production Environment extension until a patch is available. Restrict access to the "login.php" file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2019-13087
4.8
2019-07-11
Vanderbilt University · Redcap · CVE-2019-13029
**Name of the Vulnerable Software and Affected Versions** REDCap versions 8.0.0 through 8.10.19 REDCap versions 9.0.0 through 9.1.1 **Description** The issue concerns multiple stored Cross-site scripting (XSS) problems in the admin panel and survey system. An attacker can inject arbitrary malicious HTML or JavaScript code into a user's web browser. **Recommendations** For REDCap versions 8.0.0 through 8.10.19, update to version 8.10.20 or later. For REDCap versions 9.0.0 through 9.1.1, update to version 9.1.2 or later.