CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-29980

A SQL injection issue has been discovered in eTRAKiT.net release 3.2.1.77. Due to improper input validation, a remote unauthenticated attacker can run arbitrary commands as the current MS SQL server account. It is recommended that the CRM feature is turned off while on eTRAKiT.net release 3.2.1.77. eTRAKiT.Net is no longer supported, and users are recommended to migrate to the latest version of CentralSquare Community Development.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 33.3%

CVSS Severity

CVSS v3 Score 9.8

References

https://github.com/cisagov/CSAF/pull/182/files#diff-53861466371a59578b21f5e4b4b6be7b2a6267c5d0fe81eda2a849bf6915ed8d
https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-079-01.json

Products affected by CVE-2025-29980

Centralsquare » Etrakit.net » Version: 3.2.1.77

cpe:2.3:a:centralsquare:etrakit.net:3.2.1.77

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-29980

Products

Pricing

Contact Us