2 matches found
CVE-2025-25181
Advantive VeraCore (through 2025.1.0) contains a SQL injection in timeoutWarning.asp exploitable via the PmSess1 parameter, enabling remote arbitrary SQL execution. Evidence across sources indicates active exploitation of this vulnerability, with mitigations recommending disabling the PmSess1 par...
CVE-2024-57968
CVE-2024-57968 affects Advantive VeraCore (pre-2024.4.2.1). It is an unrestricted file upload vulnerability that allows a remote authenticated user to upload files to unintended folders (upload.aspx). VeraCore was patched in version 2024.4.2.1. In practice, multiple sources flag active exploitati...