PT-2025-40363 · Wandsoft · E-Tms

Maximilian Hildebrand

·

Published

2025-09-19

·

Updated

2025-10-02

·

CVE-2025-59743

CVSS v2.0

10

Critical

VectorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions AndSoft's e-TMS version 25.03
Description A SQL injection issue exists in AndSoft's e-TMS version 25.03. This allows an attacker to potentially retrieve, create, update, and delete databases by sending a POST request to the /inc/connect/CONNECTION.ASP API endpoint. The exploitation involves manipulation of the SessionID cookie.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

BDU:2025-12697
CVE-2025-59743

Affected Products

E-Tms