cvebase

Andsoft E-Tms vulnerabilities

40 known vulnerabilities affecting andsoft/e-tms.

Total CVEs: 40
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 9, HIGH 2, MEDIUM 29

Vulnerabilities

Page 1 of 2
CVE-2025-59735 | P2 | CRITICAL | CVSS 9.8 | v25.03 | 2025-10-02
CWE-77: Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The affected parameter is 'm' in '/clt/LOGINFRM.ASP'.
nvd
CVE-2025-59738 | P2 | CRITICAL | CVSS 9.8 | v25.03 | 2025-10-02
CWE-77: Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The affected parameter is 'm' in '/clt/LOGINFRM_BET.ASP'.
nvd
CVE-2025-59739 | P2 | CRITICAL | CVSS 9.8 | v25.03 | 2025-10-02
CWE-77: Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The affected parameter is 'm' in '/clt/LOGINFRM_original.ASP'.
nvd
CVE-2025-59740 | P2 | CRITICAL | CVSS 9.8 | v25.03 | 2025-10-02
CWE-77: Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The affected parameter is 'm' in '/clt/LOGINFRM_CAT.ASP'.
nvd
CVE-2025-59737 | P2 | CRITICAL | CVSS 9.8 | v25.03 | 2025-10-02
CWE-77: Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The affected parameter is 'm' in '/clt/LOGINFRM_LXA.ASP'.
nvd
CVE-2025-59736 | P2 | CRITICAL | CVSS 9.8 | v25.03 | 2025-10-02
CWE-77: Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The affected parameter is 'm' in '/clt/LOGINFRM_DJO.ASP'.
nvd
CVE-2025-59741 | P2 | CRITICAL | CVSS 9.8 | v25.03 | 2025-10-02
CWE-77: Operating system command injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute operating system commands on the server by sending a POST request. The affected parameter is 'm' in '/CLT/LOGINERRORFRM.ASP'.
nvd
CVE-2025-59742 | P2 | CRITICAL | CVSS 9.8 | v25.03 | 2025-10-02
CWE-89: SQL injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability could allow an attacker to retrieve, create, update, and delete databases by sending a POST request. The affected parameter is 'USRMAIL' in '/inc/login/TRACK_REQUESTFRMSQL.ASP'.
nvd
CVE-2025-59743 | P2 | CRITICAL | CVSS 9.8 | v25.03 | 2025-10-02
CWE-89: SQL injection vulnerability in AndSoft's e-TMS v25.03. This vulnerability could allow an attacker to retrieve, create, update, and delete databases by sending a POST request. The affected input is the 'SessionID' cookie in '/inc/connect/CONNECTION.ASP'.
nvd
CVE-2025-59744 | P3 | HIGH | CVSS 7.5 | v25.03 | 2025-10-02
CWE-22: Path traversal vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to access files only within the web root using the “docurl” parameter in “/lib/asp/DOCSAVEASASP.ASP”.
nvd
CVE-2025-59745 | P3 | HIGH | CVSS 7.5 | v25.03 | 2025-10-02
CWE-327: Vulnerability in the cryptographic algorithm of AndSoft's e-TMS v25.03, which uses MD5 to encrypt passwords. MD5 is a cryptographically vulnerable hash algorithm and is no longer considered secure for storing or transmitting passwords. It is vulnerable to collision attacks and can be easily cracked with modern hardware, exposing user credentials to po
nvd
CVE-2025-59746 | P4 | MEDIUM | CVSS 6.1 | v25.03 | 2025-10-02
CWE-79: Reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The affected parameter is 'm' in '/lib/asp/alert.asp'.
nvd
CVE-2025-59747 | P4 | MEDIUM | CVSS 6.1 | v25.03 | 2025-10-02
CWE-79: Reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The affected parameter is 'l' in '/clt/resetPassword.asp'.
nvd
CVE-2025-59748 | P4 | MEDIUM | CVSS 6.1 | v25.03 | 2025-10-02
CWE-79: Reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The affected parameters are 'l' and 'reset' in '/clt/changepassword.asp'.
nvd
CVE-2025-59749 | P4 | MEDIUM | CVSS 6.1 | v25.03 | 2025-10-02
CWE-79: Reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The affected parameter is 'l' in '/clt/TRACK_REQUEST.ASP'.
nvd
CVE-2025-59774 | P4 | MEDIUM | CVSS 6.1 | v25.03 | 2025-10-02
CWE-79: Reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The affected parameters are 'l', 'demo', 'demo2', 'TNTLOGIN', 'UO' and 'SuppConn' in '/clt/LOGINFRM_VON.ASP'.
nvd
CVE-2025-59756 | P4 | MEDIUM | CVSS 6.1 | v25.03 | 2025-10-02
CWE-79: Reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The affected parameters are 'l', 'demo', 'demo2', 'TNTLOGIN', 'UO' and 'SuppConn' in 'SuppConn in /clt/LOGINFRM_CON.A
nvd
CVE-2025-59754 | P4 | MEDIUM | CVSS 6.1 | v25.03 | 2025-10-02
CWE-79: Reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The affected parameters are 'l', 'demo', 'demo2', 'TNTLOGIN', 'UO' and 'SuppConn' in '/clt/LOGINFRM_original.ASP'.
nvd
CVE-2025-59770 | P4 | MEDIUM | CVSS 6.1 | v25.03 | 2025-10-02
CWE-79: Reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The affected parameters are 'l', 'demo', 'demo2', 'TNTLOGIN', 'UO' and 'SuppConn' in '/clt/LOGINFRM_MON.ASP'.
nvd
CVE-2025-59763 | P4 | MEDIUM | CVSS 6.1 | v25.03 | 2025-10-02
CWE-79: Reflected cross-site scripting (XSS) vulnerability in AndSoft's e-TMS v25.03. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL. The affected parameters are 'l', 'demo', 'demo2', 'TNTLOGIN', 'UO' and 'SuppConn' in '/clt/LOGINFRM_EK.ASP'.
nvd