PT-2025-42433 · Sergestec · Sergestec Exito

Ignacio Aldarabi · Published 2025-10-16 · Updated 2025-10-21 · CVE-2025-41018

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Sergestec Exito version 8.0

Description: A SQL injection issue exists in Sergestec Exito version 8.0. This allows an attacker to retrieve, create, update, and delete databases. The vulnerability is present in the 'cat' parameter of the '/public.php' API endpoint. The 'cat' parameter is susceptible to manipulation, potentially granting unauthorized database access.

Recommendations: Apply a fix for Sergestec Exito version 8.0 to address the SQL injection issue in the '/public.php' endpoint.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2025-41018

Affected Products

Sergestec Exito