CVE-2025-59742

Publication date

2025-10-02 14:11:26

Family

INCIBE

State

PUBLISHED

Description

SQL injection vulnerability in AndSofts e-TMS v25.03. This vulnerability could allow an attacker to retrieve, create, update, and delete databases by sending a POST request. The relationship between parameter and assigned identifier is a USRMAIL parameter in/inc/login/TRACK_REQUESTFRMSQL.ASP.