Описание
A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter.
A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-25181
- https://advantive.my.site.com/support/s/knowledge
- https://intezer.com/blog/research/xe-group-exploiting-zero-days
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-25181
- https://www.solissecurity.com/en-us/insights/xe-group-from-credit-card-skimming-to-exploiting-zero-days
Связанные уязвимости
CVSS3: 5.8
nvd
около 1 года назад
A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter.