Aptsys Gemscms Backend vulnerabilities
5 known vulnerabilities affecting aptsys/gemscms_backend.
Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 1, MEDIUM 2
Vulnerabilities
CVE-2025-52024 | P2 | CRITICAL | CVSS 9.4 | CWE-306 | ≤ 2025-05-28 | 2026-01-23
A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all available backend services and POS web services, each with an HTML form for submitting test input. Th
Source: NVD
CVE-2025-52025 | P2 | CRITICAL | CVSS 9.4 | CWE-89 | ≤ 2025-05-28 | 2026-01-23
An SQL Injection vulnerability exists in the GetServiceByRestaurantID endpoint of the Aptsys gemscms POS Platform backend thru 2025-05-28. The vulnerability arises because user input is directly inserted into a dynamic SQL query syntax without proper sanitization or parameterization. This allows an attacker to inject and execute arbitrary SQL code
Source: NVD
CVE-2025-52026 | P3 | HIGH | CVSS 7.5 | CWE-200 | ≤ 2025-05-28 | 2026-01-23
An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. As MD5 is a broken cryptographic function, the hashes can be ea
Source: NVD
CVE-2025-52023 | P4 | MEDIUM | CVSS 5.3 | CWE-209 | ≤ 2025-05-28 | 2026-01-23
A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public API endpoints, exposing potentially sensitive informati
Source: NVD
CVE-2025-52022 | P4 | MEDIUM | CVSS 5.3 | CWE-209 | ≤ 2025-05-28 | 2026-01-23
A vulnerability in the PHP backend of gemsloyalty.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to public API endpoints, exposing potentially sensitive infor
Source: NVD