PT-2025-12370 · Centralsquare · Etrakit.Net
Published: 2025-03-20 · Updated: 2025-03-21 · CVE-2025-29980
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
eTRAKiT.Net version 3.2.1.77
Description
A SQL injection issue has been discovered due to improper input validation, allowing a remote unauthenticated attacker to run arbitrary commands as the current MS SQL server account.
Recommendations
For eTRAKiT.Net version 3.2.1.77, it is recommended that the CRM feature is turned off.
Users are recommended to migrate to the latest version of CentralSquare Community Development, as eTRAKiT.Net is no longer supported.
Fix
SQL injection
Affected Products
Etrakit.Net