Описание
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/clt/LOGINFRM_CAT.ASP'.
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:andsoft:e-tms:25.03:*:*:*:*:*:*:*
EPSS
Процентиль: 60%
0.00392
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-77
CWE-78
Связанные уязвимости
CVSS3: 9.8
github
4 месяца назад
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/clt/LOGINFRM_CAT.ASP'.
EPSS
Процентиль: 60%
0.00392
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-77
CWE-78