exploitDog

CVE-2025-59738

Опубликовано: 02 окт. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/clt/LOGINFRM_BET.ASP'.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:andsoft:e-tms:25.03:*:*:*:*:*:*:*

EPSS

Процентиль: 60%

0.00392

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-77

CWE-78

Связанные уязвимости

GHSA-jwq4-fq65-vg5q

CVSS3: 9.8

github

4 месяца назад

Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/clt/LOGINFRM_BET.ASP'.

EPSS

Процентиль: 60%

0.00392

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-77

CWE-78