23 matches found
CVE-2025-52024
A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all available backend services and POS web services,...
CVE-2025-52023
A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public A...
CVE-2025-52025
An SQL Injection vulnerability exists in the GetServiceByRestaurantID endpoint of the Aptsys gemscms POS Platform backend thru 2025-05-28. The vulnerability arises because user input is directly inserted into a dynamic SQL query syntax without proper sanitization or parameterization. This allows ...
CVE-2025-52025
An SQL Injection vulnerability exists in the GetServiceByRestaurantID endpoint of the Aptsys gemscms POS Platform backend thru 2025-05-28. The vulnerability arises because user input is directly inserted into a dynamic SQL query syntax without proper sanitization or parameterization. This allows ...
CVE-2025-52023
A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public A...
CVE-2025-52024
A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all available backend services and POS web services,...
CVE-2025-52024
A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all available backend services and POS web services,...
CVE-2025-52024
A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all available backend services and POS web services,...
Aptsys Gemscms POS Platform security vulnerabilities
Aptsys Gemscms POS Platform is a catering management system developed by the Indian company Aptsys. There is a security vulnerability in the Aptsys Gemscms POS Platform, which stems from the internal API testing tools being exposed to unverified users. This vulnerability could allow unauthorized...
CVE-2025-52024
A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all available backend services and POS web services,...
CVE-2025-52026
An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. As MD5 ...
CVE-2025-52025
An SQL Injection vulnerability exists in the GetServiceByRestaurantID endpoint of the Aptsys gemscms POS Platform backend thru 2025-05-28. The vulnerability arises because user input is directly inserted into a dynamic SQL query syntax without proper sanitization or parameterization. This allows ...
Aptsys Gemscms POS Platform security vulnerabilities
Aptsys Gemscms POS Platform is a catering management system developed by the Indian company Aptsys. There is a security vulnerability in the Aptsys Gemscms POS Platform. This vulnerability stems from the GetServiceByRestaurantID endpoint, which does not properly clean or parameterize user inputs,...
Aptsys Gemscms POS Platform security vulnerabilities
Aptsys Gemscms POS Platform is a catering management system developed by the Indian company Aptsys. There is a security vulnerability in the Aptsys Gemscms POS Platform. This vulnerability stems from unvalidated endpoints returning payment card credentials encrypted using MD5. It may lead to...
Aptsys Gemscms POS Platform security vulnerabilities
Aptsys Gemscms POS Platform is a catering management system developed by the Indian company Aptsys. There is a security vulnerability in the Aptsys Gemscms POS Platform. This vulnerability arises from the PHP backend, which triggers detailed error messages when processing specially crafted HTTP...
Aptsys Gemscms POS Platform security vulnerabilities
Aptsys Gemscms POS Platform is a catering management system developed by the Indian company Aptsys. There is a security vulnerability in the Aptsys Gemscms POS Platform. This vulnerability arises from the PHP backend, which triggers detailed error messages when processing specially crafted HTTP...
CVE-2025-52024
CVE-2025-52024 affects Aptsys POS Platform Web Services. Affected: Aptsys POS Platform Web Services version(s) prior to 2025-05-29. Root cause: unauthenticated access exposes internal API testing tooling and a directory-style index of backend services and POS web services, each with HTML forms fo...
CVE-2025-52023
A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public A...
CVE-2025-52026
An information-disclosure vulnerability affects Aptsys gemscms backend platform (endpoint /srvs/membersrv/getCashiers) through 2025-05-28. This unauthenticated API returns cashier account data, including names, emails, usernames, and MD5-hashed passwords. MD5 is broken, enabling reverse cracking ...
CVE-2025-52025
CVE-2025-52025 describes an SQL Injection in the Aptsys gemscms POS Platform backend, specifically the GetServiceByRestaurantID endpoint. The issue arises from directly concatenating user input into a dynamic SQL query via the id parameter, enabling arbitrary SQL execution and unauthorized data a...