Simopro Technology Winmatrix3 Web Package vulnerabilities
4 known vulnerabilities affecting simopro_technology/winmatrix3_web_package.
Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2025-7918P2CRITICALCVSS 9.8≤ 1.2.39.52025-07-21
CVE-2025-7918 [CRITICAL] CWE-89 CVE-2025-7918: WinMatrix3 Web package developed by Simopro Technology has a SQL Injection vulnerability, allowing u
WinMatrix3 Web package developed by Simopro Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
nvd
CVE-2025-7917P3HIGHCVSS 7.2≤ 1.2.39.52025-07-21
CVE-2025-7917 [HIGH] CWE-434 CVE-2025-7917: WinMatrix3 Web package developed by Simopro Technology has an Arbitrary File Upload vulnerability, a
WinMatrix3 Web package developed by Simopro Technology has an Arbitrary File Upload vulnerability, allowing remote attackers with administrator privileges to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
nvd
CVE-2025-7919P3MEDIUMCVSS 6.5≤ 1.2.39.52025-07-21
CVE-2025-7919 [MEDIUM] CWE-200 CVE-2025-7919: WinMatrix3 Web package developed by Simopro Technology has a SQL Injection vulnerability, allowing u
WinMatrix3 Web package developed by Simopro Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
nvd
CVE-2025-7920P4MEDIUMCVSS 6.1≤ 1.2.39.52025-07-21
CVE-2025-7920 [MEDIUM] CWE-79 CVE-2025-7920: WinMatrix3 Web package developed by Simopro Technology has a Reflected Cross-site Scripting vulnerab
WinMatrix3 Web package developed by Simopro Technology has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.
nvd