PT-2025-28459 · Abis · Adjutant Core Accounting Erp
Cmoncrook · Published 2025-07-08 · Updated 2025-07-08
CVE-2025-29267
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions:
Abis, Inc Adjutant Core Accounting ERP version v.PreBeta250F
Description:
The issue allows a remote attacker to obtain sensitive information via the cid parameter in the GET request. This is a SQL Injection vulnerability, which means an attacker can inject malicious SQL code to manipulate the database and extract sensitive data.
Recommendations:
For Abis, Inc Adjutant Core Accounting ERP version v.PreBeta250F, consider restricting access to the vulnerable cid parameter in the GET request until a patch is available. As a temporary workaround, avoid using the cid parameter in affected API endpoints to minimize the risk of exploitation.
Exploit
Fix
SQL injection
Affected Products
Adjutant Core Accounting Erp