← volver
CVE-2025-29980

Blind SQL Injection vulnerability in eTRAKiT.Net

CVSS 9.3 CRITICALEPSS 0.5%CWE-89
A SQL injection issue has been discovered in eTRAKiT.net release 3.2.1.77. Due to improper input validation, a remote unauthenticated attacker can run arbitrary commands as the current MS SQL server account. It is recommended that the CRM feature is turned off while on eTRAKiT.net release 3.2.1.77. eTRAKiT.Net is no longer supported, and users are recommended to migrate to the latest version of CentralSquare Community Development.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Productos afectados
CentralSquare · eTRAKiT.Net

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/cisagov/CSAF/pull/182/files#diff-53861466371a59578b21f5e4b4b6be7b2a6267c5d0fe81eda2a849bf6915ed8dhttps://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-079-01.json