CVE-2025-52023

CVE-2025-52023 affects the PHP backend of gemscms.aptsys.com.sg (thru 2025-05-28). The vulnerability allows unauthenticated remote attackers to trigger detailed error messages that reveal internal file paths, code snippets, and stack traces when hitting public API endpoints via crafted HTTP GET/P...

CVE-2025-52022

CVE-2025-52022 affects the PHP backend of gemsloyalty.aptsys.com.sg (through 2025-05-28). The root issue is Information Exposure Through an Error Message: unauthenticated remote attackers can trigger detailed error messages via public API endpoints that disclose internal file paths, code snippets...

CVE-2025-52024

CVE-2025-52024 affects Aptsys POS Platform Web Services. Affected: Aptsys POS Platform Web Services version(s) prior to 2025-05-29. Root cause: unauthenticated access exposes internal API testing tooling and a directory-style index of backend services and POS web services, each with HTML forms fo...

CVE-2025-52025

CVE-2025-52025 describes an SQL Injection in the Aptsys gemscms POS Platform backend, specifically the GetServiceByRestaurantID endpoint. The issue arises from directly concatenating user input into a dynamic SQL query via the id parameter, enabling arbitrary SQL execution and unauthorized data a...

CVE-2025-52026

An information-disclosure vulnerability affects Aptsys gemscms backend platform (endpoint /srvs/membersrv/getCashiers) through 2025-05-28. This unauthenticated API returns cashier account data, including names, emails, usernames, and MD5-hashed passwords. MD5 is broken, enabling reverse cracking ...