Advantive Veracore < 2025.1.1.3 SQL Injection

Advantive Veracore version prior to 2025.1.1.3 is vulnerable to SQL Injection in timeoutWarning.asp functionality, allowing attackers to execute arbitrary SQL queries via the PmSess1 parameter. No source data...

The vulnerability of the Advantive VeraCore cloud-based business process management system lies in its ability to allow unlimited loading of dangerous types of files, enabling attackers to gain unauthorized access to protected information.

The vulnerability of the Advantive VeraCore cloud-based business process management system is related to the unlimited loading of dangerous types of files. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...

CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added five security flaws impacting Advantive VeraCore and Ivanti Endpoint Manager EPM to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation in the wild. The list of vulnerabilities is ...

Advantive VeraCore SQL Injection Vulnerability

Advantive VeraCore contains a SQL injection vulnerability in timeoutWarning.asp that allows a remote attacker to execute arbitrary SQL commands via the PmSess1 parameter...

Advantive VeraCore Unrestricted File Upload Vulnerability

Advantive VeraCore contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload files to unintended folders via upload.apsx...

CVE-2025-25181

A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter...

CVE-2024-57968

Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders e.g., ones that are accessible during web browsing by other users. upload.aspx can be used for this...

CVE-2025-25181

A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter...

CVE-2024-57968

Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders e.g., ones that are accessible during web browsing by other users. upload.aspx can be used for this...

CVE-2025-25181

Advantive VeraCore (through 2025.1.0) contains a SQL injection in timeoutWarning.asp exploitable via the PmSess1 parameter, enabling remote arbitrary SQL execution. Evidence across sources indicates active exploitation of this vulnerability, with mitigations recommending disabling the PmSess1 par...

CVE-2025-25181

A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter...

CVE-2025-25181

A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter...

CVE-2024-57968

Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders e.g., ones that are accessible during web browsing by other users. upload.aspx can be used for this...

Advantive VeraCore 安全漏洞

Advantive VeraCore is a SaaS order and warehouse management software from Advantive. A security vulnerability exists in Advantive VeraCore version 2025.1.0 and earlier, which stems from the presence of an SQL injection in timeoutWarning.asp that allows remote attackers to execute arbitrary SQL...

PT-2025-5620 · Advantive · Veracore

Name of the Vulnerable Software and Affected Versions: Advantive VeraCore versions through 2025.1.0 Description: A SQL injection vulnerability in timeoutWarning.asp allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter. This issue is being actively exploited. The...

Advantive VeraCore 安全漏洞

Advantive VeraCore is a SaaS order and warehouse management software from Advantive. A security vulnerability exists in Advantive VeraCore versions prior to 2024.4.2.1, which stems from allowing remote authenticated users to upload files to unintended folders...

CVE-2024-57968

Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders e.g., ones that are accessible during web browsing by other users. upload.aspx can be used for this. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed...