22 matches found
CVE-2025-41020
Insecure direct object reference IDOR vulnerability in Sergestec's Exito v8.0. This vulnerability allows an attacker to access data belonging to other customers through the 'id' parameter in '/admin/ticketa4.php'...
CVE-2025-41018
SQL injection in Sergestec's Exito v8.0. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'cat' parameter in '/public.php'...
CVE-2025-41021
Stored Cross-Site Scripting XSS in Sergestec's Exito v8.0, consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request using the 'obs' parameter in '/admin/index.php?action=productupdate'. This vulnerability could allow a remote user to send a specially...
CVE-2025-41021
Stored Cross-Site Scripting XSS in Sergestec's Exito v8.0, consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request using the 'obs' parameter in '/admin/index.php?action=productupdate'. This vulnerability could allow a remote user to send a specially...
CVE-2025-41020
Insecure direct object reference IDOR vulnerability in Sergestec's Exito v8.0. This vulnerability allows an attacker to access data belonging to other customers through the 'id' parameter in '/admin/ticketa4.php'...
CVE-2025-41018
SQL injection in Sergestec's Exito v8.0. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'cat' parameter in '/public.php'...
EUVD-2025-34732
Stored Cross-Site Scripting XSS in Sergestec's Exito v8.0, consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request using the 'obs' parameter in '/admin/index.php?action=productupdate'. This vulnerability could allow a remote user to send a specially...
CVE-2025-41021 Stored Cross-Site Scripting (XSS) vulnerability in Sergestec's Exito
Stored Cross-Site Scripting XSS in Sergestec's Exito v8.0, consisting of a stored XSS due to a lack of proper validation of user input by sending a POST request using the 'obs' parameter in '/admin/index.php?action=productupdate'. This vulnerability could allow a remote user to send a specially...
CVE-2025-41020 Insecure direct object reference (IDOR) vulnerability in Sergestec's Exito
Insecure direct object reference IDOR vulnerability in Sergestec's Exito v8.0. This vulnerability allows an attacker to access data belonging to other customers through the 'id' parameter in '/admin/ticketa4.php'...
EUVD-2025-34733
Insecure direct object reference IDOR vulnerability in Sergestec's Exito v8.0. This vulnerability allows an attacker to access data belonging to other customers through the 'id' parameter in '/admin/ticketa4.php'...
CVE-2025-41020
CVE-2025-41020 affects Sergestec Exito v8.0. An IDOR in /admin/ticket_a4.php (id parameter) allows access to other customers’ data. Root cause: insecure direct object reference. Impact per sources includes HIGH confidentiality impact (CVE metrics: CVSS v3.1 base 7.5, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I...
CVE-2025-41020 Insecure direct object reference (IDOR) vulnerability in Sergestec's Exito
Insecure direct object reference IDOR vulnerability in Sergestec's Exito v8.0. This vulnerability allows an attacker to access data belonging to other customers through the 'id' parameter in '/admin/ticketa4.php'...
CVE-2025-41019 SQL injection vulnerability in Sergestec's Exito
SQL injection in Sergestec's SISTICK v7.2. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'id' parameter in '/index.php?view=ticketdetail'...
CVE-2025-41019
The CVE-2025-41019 entry affects Sergestec’s SISTICK v7.2, where a SQL injection vulnerability exists in the /index.php?view=ticket_detail endpoint via the id parameter. The underlying flaw allows an unauthenticated attacker to retrieve, create, update, or delete databases through this parameter,...
CVE-2025-41019 SQL injection vulnerability in Sergestec's Exito
SQL injection in Sergestec's SISTICK v7.2. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'id' parameter in '/index.php?view=ticketdetail'...
CVE-2025-41018 SQL injection vulnerability in Sergestec's Exito
SQL injection in Sergestec's Exito v8.0. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'cat' parameter in '/public.php'...
CVE-2025-41018 SQL injection vulnerability in Sergestec's Exito
SQL injection in Sergestec's Exito v8.0. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'cat' parameter in '/public.php'...
CVE-2025-41018
The CVE-2025-41018 entry details a SQL injection in Sergestec’s Exito v8.0. The vulnerability is reachable via the cat parameter in /public.php, allowing an attacker to retrieve, create, update, and delete databases. Connected sources (Red Hat, NVD, CVE lists, ENISA/EUVD) corroborate the same des...
EUVD-2025-34736
SQL injection in Sergestec's Exito v8.0. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'cat' parameter in '/public.php'...
Sergestec Exito 安全漏洞
Sergestec Exito is a sales platform from Sergestec, Inc. A security vulnerability exists in Sergestec Exito version v8.0, which stems from incorrect manipulation of the parameter id in the file /admin/ticketa4.php, which could lead to unsafe direct object references...