PT-2025-21834 · Advaya Softech · Advaya Softech Gems Erp Portal
Kuppamjohari
·
Published
2025-05-18
·
Updated
2025-05-18
·
CVE-2025-4863
CVSS v3.1
8.6
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L |
Name of the Vulnerable Software and Affected Versions:
Advaya Softech GEMS ERP Portal version 2.1
Description:
A critical issue was found in the software, affecting an unknown part of the file "/studentLogin/studentLogin.action". The manipulation of the
userId argument leads to SQL injection. It is possible to initiate the attack remotely.Recommendations:
For Advaya Softech GEMS ERP Portal version 2.1, consider restricting access to the "/studentLogin/studentLogin.action" endpoint until a patch is available. As a temporary workaround, avoid using the
userId argument in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.Exploit
Fix
Special Elements Injection
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Advaya Softech Gems Erp Portal