Shodan
Vulnerabilities
Vulnerable Software
Andsoft:  >> E-Tms  Security Vulnerabilities
CVE-2025-59741
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/CLT/LOGINERRORFRM.ASP'.
CVSS Score
9.8
EPSS Score
0.003
Published
2025-10-02
CVE-2025-59742
SQL injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability could allow an attacker to retrieve, create, update, and delete databases by sending a POST request. The relationship between parameter and assigned identifier is a 'USRMAIL' parameter in'/inc/login/TRACK_REQUESTFRMSQL.ASP'.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-10-02
CVE-2025-59743
SQL injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability could allow an attacker to retrieve, create, update, and delete databases by sending a POST request. The relationship between parameter and assigned identifier is a 'SessionID' cookie in '/inc/connect/CONNECTION.ASP'.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-10-02
CVE-2025-59744
Path traversal vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to access files only within the web root using the “docurl” parameter in “/lib/asp/DOCSAVEASASP.ASP”.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-10-02
CVE-2025-59735
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/clt/LOGINFRM.ASP'.
CVSS Score
9.8
EPSS Score
0.003
Published
2025-10-02
CVE-2025-59736
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/clt/LOGINFRM_DJO.ASP'.
CVSS Score
9.8
EPSS Score
0.003
Published
2025-10-02
CVE-2025-59737
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/clt/LOGINFRM_LXA.ASP'.
CVSS Score
9.8
EPSS Score
0.003
Published
2025-10-02
CVE-2025-59738
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/clt/LOGINFRM_BET.ASP'.
CVSS Score
9.8
EPSS Score
0.003
Published
2025-10-02
CVE-2025-59739
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/clt/LOGINFRM_original.ASP'.
CVSS Score
9.8
EPSS Score
0.003
Published
2025-10-02
CVE-2025-59740
Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The relationship between parameter and assigned identifier is a 'm' parameter in '/clt/LOGINFRM_CAT.ASP'.
CVSS Score
9.8
EPSS Score
0.003
Published
2025-10-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved