7 matches found
EUVD-2025-15825
Malicious code in bioql PyPI...
CVE-2025-40635
SQL injection vulnerability in Comerzzia Backoffice: Sales Orchestrator 3.0.15. This vulnerability allows an attacker to retrieve, create, update and delete databases via the ‘uidActivity’, ‘codCompany’ and ‘uidInstance’ parameters of the ‘/comerzzia/login’ endpoint...
CVE-2025-40635 SQL injection at Comerzzia
SQL injection vulnerability in Comerzzia Backoffice: Sales Orchestrator 3.0.15. This vulnerability allows an attacker to retrieve, create, update and delete databases via the ‘uidActivity’, ‘codCompany’ and ‘uidInstance’ parameters of the ‘/comerzzia/login’ endpoint...
CVE-2025-40635
CVE-2025-40635 affects Comerzzia Backoffice: Sales Orchestrator 3.0.15. A SQL injection in /comerzzia/login via uidActivity, codCompany, and uidInstance can expose full database access (retrieve, create, update, delete). Base score 9.3 (CRITICAL) per CVSS v4.0; network attack, no authentication, ...
CVE-2025-40635 SQL injection at Comerzzia
SQL injection vulnerability in Comerzzia Backoffice: Sales Orchestrator 3.0.15. This vulnerability allows an attacker to retrieve, create, update and delete databases via the ‘uidActivity’, ‘codCompany’ and ‘uidInstance’ parameters of the ‘/comerzzia/login’ endpoint...
Comerzzia Backoffice SQL injection vulnerability
Comerzzia Backoffice is a modular retail platform from Comerzzia. A SQL injection vulnerability exists in Comerzzia Backoffice version 3.0.15, which stems from unfiltered uidActivity, codCompany, and uidInstance parameters, and could lead to SQL injection attacks...
PT-2025-22133 · Unknown · Comerzzia Backoffice: Sales Orchestrator
Name of the Vulnerable Software and Affected Versions: Comerzzia Backoffice: Sales Orchestrator version 3.0.15 Description: The issue allows an attacker to retrieve, create, update, and delete databases via the uidActivity, codCompany, and uidInstance parameters of the "/comerzzia/login" endpoint...