- Description
- A SQL injection issue has been discovered in eTRAKiT.net release 3.2.1.77. Due to improper input validation, a remote unauthenticated attacker can run arbitrary commands as the current MS SQL server account. It is recommended that the CRM feature is turned off while on eTRAKiT.net release 3.2.1.77. eTRAKiT.Net is no longer supported, and users are recommended to migrate to the latest version of CentralSquare Community Development.
- Source
- 9119a7d8-5eab-497f-8521-727c672e3725
- NVD status
- Received
- CNA Tags
- unsupported-when-assigned
CVSS 4.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- 9119a7d8-5eab-497f-8521-727c672e3725
- CWE-89
CVE-2025-29980 SQL Injection in https://t.co/wAr1GaWNHh 3.2.1.77 Enabling Unauthenticated Remote Command Execution https://t.co/5UFc2FmIUA
@VulmonFeeds
21 Mar 2025
🚨 CVE-2025-29980 ⚠️🔴 CRITICAL (9.3) 🏢 CentralSquare - https://t.co/GUvyJ9KZiC 🏗️ 3.2.1.77 🔗 https://t.co/Tw7r7AxmUB 🔗 https://t.co/30fYDIMsV5 #CyberCron #VulnAlert #InfoSec https://t.co/rsj2L9nKbC
@cybercronai
21 Mar 2025
CVE-2025-29980 A SQL injection issue has been discovered in https://t.co/oVGGVpZgeu release 3.2.1.77. Due to improper input validation, a remote unauthenticated attacker can run arbitrary comma… https://t.co/PelEAC8gsr
@CVEnew
20 Mar 2025