2 matches found
TRUfusion Enterprise <= 7.10.4.0 - Admin Contact Portal
TRUfusion Enterprise versions 7.10.4.0 and earlier contained a vulnerability that allowed unauthenticated access to the Internal Admin Contact Page, resulting in the disclosure of PII including partner and contact names. id: CVE-2025-27225 info: name: TRUfusion Enterprise = 7.10.4.0 - Admin Conta...
PT-2025-40350
Name of the Vulnerable Software and Affected Versions TRUfusion Enterprise versions through 7.10.4.0 Description TRUfusion Enterprise through version 7.10.4.0 has an endpoint, /trufusionPortal/jsp/internal admin contact login.jsp, accessible to unauthenticated users. This allows attackers to acce...