CVE-2025-40635 | Comerzzia Backoffice Sales Orchestrator 3.0.15 /comerzzia/login uidActivity/codCompany/uidInstance sql injection

Inserito da Angelo Barbosa | Mag 20, 2025 | CVE

A vulnerability, which was classified as critical, has been found in Comerzzia Backoffice Sales Orchestrator 3.0.15. Affected by this issue is some unknown functionality of the file /comerzzia/login. The manipulation of the argument uidActivity/codCompany/uidInstance leads to sql injection.

This vulnerability is handled as CVE-2025-40635. The attack may be launched remotely. There is no exploit available.

CVE-2025-40635 | Comerzzia Backoffice Sales Orchestrator 3.0.15 /comerzzia/login uidActivity/codCompany/uidInstance sql injection

Post correlati

CVE-2025-24656 | Realtyna Provisioning Plugin up to 1.2.2 on WordPress cross site scripting

CVE-2024-38642 | QNAP QuMagie up to 2.3.0 certificate validation (qsa-24-34)

CVE-2024-2749 | VikBooking Hotel Booking Engine & PMS Plugin up to 1.6.7 on WordPress Setting access control

CVE-2024-44116 | SAP NetWeaver Application Server for ABAP and ABAP Platform RFC Enabled Function Module authorization