PT-2025-23621 · Unicom · Unicom Focal Point
Ianis Bernard · Published 2025-06-03 · Updated 2025-06-03 · CVE-2025-43923
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Unicom Focal Point version 7.6.1
Description
An issue was discovered in ReportController, allowing a user with administrative privilege to perform SQL injection via the image parameter during a delete report image operation.
Recommendations
For Unicom Focal Point version 7.6.1, consider restricting access to the delete report image operation to prevent potential SQL injection attacks until a patch is available. As a temporary workaround, limit the privileges of users who can perform this operation to minimize the risk of exploitation.
Fix
SQL injection
Affected Products
Unicom Focal Point