6 matches found
AndSoft e-TMS OS Command Injection Vulnerability (CNVD-2025-23563)
AndSoft e-TMS is a logistics management software from AndSoft Spain. AndSoft e-TMS suffers from an operating system command injection vulnerability that originates from a misuse of parameter m in file /clt/LOGINFRMoriginal.ASP, which can be exploited by an attacker to execute operating system...
CVE-2025-59759
Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...
CVE-2025-59771 Multiple vulnerabilities in AndSoft's e-TMS
Cross-site scripting XSS vulnerability reflected in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The relationship between parameter and assigned identifier is 'l, demo, demo2, TNTLOGIN, UO and...
CVE-2025-59735
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/clt/LOGINFRM.ASP'...
PT-2025-40355
Name of the Vulnerable Software and Affected Versions AndSoft e-TMS version 25.03 Description An operating system command injection issue exists in AndSoft e-TMS version 25.03. This allows an attacker to execute operating system commands on the server. The issue is triggered by sending a POST...
PT-2025-40358
Name of the Vulnerable Software and Affected Versions AndSoft e-TMS version 25.03 Description An operating system command injection issue exists in AndSoft e-TMS version 25.03. This allows an attacker to execute operating system commands on the server. The issue is triggered by sending a POST...