2 matches found
CVE-2025-40635
SQL injection vulnerability in Comerzzia Backoffice: Sales Orchestrator 3.0.15. This vulnerability allows an attacker to retrieve, create, update and delete databases via the ‘uidActivity’, ‘codCompany’ and ‘uidInstance’ parameters of the ‘/comerzzia/login’ endpoint...
PT-2025-22133 · Unknown · Comerzzia Backoffice: Sales Orchestrator
Name of the Vulnerable Software and Affected Versions: Comerzzia Backoffice: Sales Orchestrator version 3.0.15 Description: The issue allows an attacker to retrieve, create, update, and delete databases via the uidActivity, codCompany, and uidInstance parameters of the "/comerzzia/login" endpoint...