CVE-2025-59742

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions AndSoft's e-TMS version 25.03

Description A SQL injection issue exists in AndSoft's e-TMS version 25.03. An attacker could potentially retrieve, create, update, and delete databases by sending a POST request. The vulnerability is related to the USRMAIL parameter within the '/inc/login/TRACK REQUESTFRMSQL.ASP' API endpoint.

Recommendations Apply a fix for AndSoft's e-TMS version 25.03 to address the SQL injection issue. Restrict access to the '/inc/login/TRACK REQUESTFRMSQL.ASP' API endpoint. Sanitize the USRMAIL parameter before processing it in the '/inc/login/TRACK REQUESTFRMSQL.ASP' endpoint.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

BDU:2025-12663

CVE-2025-59742

Affected Products

E-Tms

CVE-2025-59742

Weakness Enumeration

Related Identifiers

Affected Products

References · 7