123 matches found

Packet Storm
added 2025/07/07 12:0 a.m., 79 views

ScriptCase Remote Command Execution

ScriptCase versions 1.0.003-build-2 Production Environment and 9.12.006 23 ScriptCase are affected by a pre-authenticated remote command execution vulnerability. This is achieved by chaining two vulnerabilities: the first is the ability to reset the administrator password of the prod console unde...

7.5 CVSS, 7.5 AI score, 0.0996 EPSS
Exploits: 5

NVD
added 2025/07/05 3:15 a.m., 3 views

CVE-2025-47227

In the Production Environment extension in Netmake ScriptCase through 9.12.006 23, the Administrator password reset mechanism is mishandled. Making both a GET and a POST request to login.php is sufficient. An unauthenticated attacker can then bypass authentication via administrator account takeov...

7.5 CVSS, 0.03434 EPSS
Exploits: 5, References: 3

NVD
added 2025/07/05 3:15 a.m., 4 views

CVE-2025-47228

In the Production Environment extension in Netmake ScriptCase through 9.12.006 23, shell injection in the SSH connection settings allows authenticated attackers to execute system commands via crafted HTTP requests...

6.7 CVSS, 0.0996 EPSS
Exploits: 4, References: 3

Cvelist
added 2025/07/05 12:0 a.m., 8 views

CVE-2025-47228

In the Production Environment extension in Netmake ScriptCase through 9.12.006 23, shell injection in the SSH connection settings allows authenticated attackers to execute system commands via crafted HTTP requests...

6.7 CVSS, 0.0996 EPSS
Exploits: 4, References: 3

CVE
added 2025/07/05 12:0 a.m., 39 views

CVE-2025-47227

Netmake ScriptCase Production Environment extension (up to 9.12.006) contains a vulnerability in the administrator password reset mechanism. Specifically, GET and POST requests to login.php can bypass authentication, enabling an unauthenticated administrator account takeover. The CVSS=3.1 base sc...

7.5 CVSS, 7 AI score, 0.03434 EPSS
Exploits: 5, References: 3

Cvelist
added 2025/07/05 12:0 a.m., 10 views

CVE-2025-47227

In the Production Environment extension in Netmake ScriptCase through 9.12.006 23, the Administrator password reset mechanism is mishandled. Making both a GET and a POST request to login.php is sufficient. An unauthenticated attacker can then bypass authentication via administrator account takeov...

7.5 CVSS, 0.03434 EPSS
Exploits: 5, References: 3

Vulnrichment
added 2025/07/05 12:0 a.m., 4 views

CVE-2025-47227

In the Production Environment extension in Netmake ScriptCase through 9.12.006 23, the Administrator password reset mechanism is mishandled. Making both a GET and a POST request to login.php is sufficient. An unauthenticated attacker can then bypass authentication via administrator account takeov...

7.5 CVSS, 6.8 AI score, 0.03434 EPSS
Exploits: 5, References: 3

CVE
added 2025/07/05 12:0 a.m., 37 views

CVE-2025-47228

CVE-2025-47228 affects Netmake ScriptCase, Production Environment extension, up to version 9.12.006(23). A shell injection flaw exists in the SSH connection settings that, when paired with authenticated access and crafted HTTP requests, allows an attacker to execute system commands on the server....

6.7 CVSS, 7.1 AI score, 0.0996 EPSS
Exploits: 4, References: 3

Positive Technologies
added 2025/07/05 12:0 a.m., 3 views

PT-2025-28035

Name of the Vulnerable Software and Affected Versions: Netmake ScriptCase versions 9.12.006 and earlier
Description: The issue allows authenticated attackers to execute system commands via crafted HTTP requests due to shell injection in the SSH connection settings. Additionally, there is a...

7.5 CVSS, 10 AI score, 0.0996 EPSS
Exploits: 5, References: 14

CNNVD
added 2025/07/04 12:0 a.m., 2 views

Scriptcase Operating System Command Injection Vulnerability

Scriptcase is a low-code platform for rapid application development from Scriptcase, Inc. An operating system command injection vulnerability exists in Scriptcase version 9.12.006, which stems from a command injection in the SSH connection settings that could lead to system command execution...

6.7 CVSS, 9.7 AI score, 0.0996 EPSS
Exploits: 4, References: 3

CNNVD
added 2025/07/04 12:0 a.m., 2 views

Scriptcase Security Vulnerability

Scriptcase is a low-code platform for rapid application development from Scriptcase, Inc. A security vulnerability exists in Scriptcase version 9.12.006, which stems from mishandling of the administrator password reset mechanism, which could lead to authentication bypass...

7.5 CVSS, 9.5 AI score, 0.03434 EPSS
Exploits: 5, References: 2

Positive Technologies
added 2025/07/04 12:0 a.m., 2 views

PT-2025-28034

Name of the Vulnerable Software and Affected Versions: Netmake ScriptCase versions prior to 9.12.006 23
Description: The Production Environment extension contains a flaw in the administrator password reset mechanism. An unauthenticated remote attacker can bypass authentication and take over the...

7.8 CVSS, 8.2 AI score, 0.0996 EPSS
Exploits: 5, References: 26

RedhatCVE
added 2025/05/23 10:38 a.m., 3 views

CVE-2024-46083

Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads using the messages feature, which allows the injection of malicious code into any user's account on the platform. It is important to note that regular users can trigger...

5.4 CVSS, 6.8 AI score, 0.00216 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 10:38 a.m., 4 views

CVE-2024-46079

Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in projnew.php via the Descricao parameter...

6.1 CVSS, 6.1 AI score, 0.00122 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 10:38 a.m., 2 views

CVE-2024-46081

Scriptcase v9.10.023 and before is vulnerable to Cross Site Scripting (XSS). An authenticated user can craft malicious payloads in the To-Do List. The assigned user will trigger a stored XSS, which is particularly dangerous because tasks are assigned to various users on the platform...

5.4 CVSS, 6.1 AI score, 0.00146 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 7:47 a.m., 4 views

CVE-2024-46084

Scriptcase 9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nmunzip function...

8 CVSS, 7.6 AI score, 0.0179 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 6:42 a.m., 3 views

CVE-2024-46080

Scriptcase v9.10.023 and before is vulnerable to Remote Code Execution (RCE) via the nmzip function...

8 CVSS, 7.6 AI score, 0.0179 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/05/23 6:42 a.m., 3 views

CVE-2024-46082

Scriptcase v.9.10.023 and before is vulnerable to Cross Site Scripting (XSS) in nmcor.php via the form and field parameters...

5.4 CVSS, 6.1 AI score, 0.00169 EPSS
Exploits: 1, References: 1

RedhatCVE
added 2025/05/22 10:56 p.m., 7 views

CVE-2022-32199

dbconvert.php in ScriptCase through 9.9.008 is vulnerable to Arbitrary File Deletion by an admin via a directory traversal sequence in the file parameter...

6.5 CVSS, 6.8 AI score, 0.13119 EPSS
Exploits: 2, References: 1

RedhatCVE
added 2025/03/28 1:27 a.m., 10 views

CVE-2025-29322

A cross-site scripting (XSS) vulnerability in ScriptCase before v1.0.003 - Build 3 allows attackers to execute arbitrary code via a crafted payload to the "Connection Name" in the New Connection and Rename Connection pages...

4.6 CVSS, 6.2 AI score, 0.00456 EPSS
Exploits: 0, References: 1