Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2025/11/13 1:0 a.m.12 views

CVE-2025-56385

A SQL injection vulnerability exists in the login functionality of WellSky Harmony version 4.1.0.2.83 within the 'xmHarmony.asp' endpoint. User-supplied input to the 'TXTUSERID' parameter is not properly sanitized before being incorporated into a SQL query. Successful authentication may lead to...

9.8CVSS8.1AI score0.00413EPSS
Exploits0References1
OSV
OSV
added 2025/11/12 7:15 p.m.5 views

CVE-2025-56385

A SQL injection vulnerability exists in the login functionality of WellSky Harmony version 4.1.0.2.83 within the 'xmHarmony.asp' endpoint. User-supplied input to the 'TXTUSERID' parameter is not properly sanitized before being incorporated into a SQL query. Successful authentication may lead to...

9.8CVSS5.9AI score0.00413EPSS
Exploits0References3
NVD
NVD
added 2025/11/12 7:15 p.m.17 views

CVE-2025-56385

A SQL injection vulnerability exists in the login functionality of WellSky Harmony version 4.1.0.2.83 within the 'xmHarmony.asp' endpoint. User-supplied input to the 'TXTUSERID' parameter is not properly sanitized before being incorporated into a SQL query. Successful authentication may lead to...

9.8CVSS0.00413EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/11/12 12:0 a.m.3 views

CVE-2025-56385

A SQL injection vulnerability exists in the login functionality of WellSky Harmony version 4.1.0.2.83 within the 'xmHarmony.asp' endpoint. User-supplied input to the 'TXTUSERID' parameter is not properly sanitized before being incorporated into a SQL query. Successful authentication may lead to...

7.7AI score0.00413EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/12 12:0 a.m.6 views

WellSky Harmony 安全漏洞

WellSky Harmony is an all-in-one service management platform from WellSky USA. A security vulnerability exists in WellSky Harmony version 4.1.0.2.83, which stems from improper cleanup of the TXTUSERID parameter in the xmHarmony.asp endpoint, which could lead to an SQL injection attack...

9.8CVSS7.7AI score0.00413EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/11/12 12:0 a.m.9 views

CVE-2025-56385

A SQL injection vulnerability exists in the login functionality of WellSky Harmony version 4.1.0.2.83 within the 'xmHarmony.asp' endpoint. User-supplied input to the 'TXTUSERID' parameter is not properly sanitized before being incorporated into a SQL query. Successful authentication may lead to...

0.00413EPSS
Exploits0References1
CVE
CVE
added 2025/11/12 12:0 a.m.17 views

CVE-2025-56385

WellSky Harmony 4.1.0.2.83 has a SQL injection in the login endpoint xmHarmony.asp via the TXTUSERID parameter. The vulnerability arises from insufficient sanitization of user input before it is used in a SQL query, enabling authentication bypass, data leakage, or potential full compromise of bac...

9.8CVSS7.7AI score0.00413EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/12 12:0 a.m.6 views

PT-2025-46694

Name of the Vulnerable Software and Affected Versions WellSky Harmony version 4.1.0.2.83 Description A SQL injection issue exists in the login functionality of WellSky Harmony. The 'xmHarmony.asp' endpoint is affected, specifically due to insufficient sanitization of user-supplied input provided...

9.8CVSS7.7AI score0.00413EPSS
Exploits0References6
Rows per page
Query Builder