AndSoft e-TMS Command Injection Vulnerability
Vulnerability
A command injection vulnerability that allows the execution of operating system commands on the server has been identified in AndSoft's e-TMS version 25.03. The flaw is in the 'm' parameter of the '/clt/LOGINFRM_BET.ASP' endpoint: an attacker can send a POST request to this endpoint to execute arbitrary commands.
Impact
Exploitation of this vulnerability allows for operating system command injection, enabling attackers to execute commands on the server where the application is hosted.
Remediation
Users can upgrade to AndSoft e-TMS versions VNL 25001 or VNL 25010, both released in January 2025, to address this vulnerability. As of version 25.04, the vulnerability has been completely fixed.
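Until the upgrade is in place, and to review the period before it, web server logs can be triaged for POST requests to the affected endpoint. The script below is an added example, not code from AndSoft or from this advisory. It assumes the server writes W3C extended logs (the usual IIS format for an ASP application) and that legitimate 'm' values fit a site-tuned allow-list. POST bodies are not logged in that format, so requests with no 'm' in the query string are reported separately for correlation with other telemetry.

```python
import re
from urllib.parse import parse_qs

ENDPOINT = "/clt/loginfrm_bet.asp"  # endpoint named in the advisory, lower-cased
PARAM = "m"                         # parameter named in the advisory
# Assumption: legitimate values are short alphanumeric tokens. Tune per site.
ALLOWED = re.compile(r"[A-Za-z0-9_.-]{0,64}")

# Constructed sample in W3C extended format; addresses are documentation ranges.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2025-01-10 08:00:01 GET /clt/LOGINFRM_BET.ASP - 192.0.2.10 200
2025-01-10 08:00:05 POST /clt/LOGINFRM_BET.ASP m=1 192.0.2.10 302
2025-01-10 08:03:12 POST /clt/LOGINFRM_BET.ASP - 198.51.100.7 200
2025-01-10 08:04:40 POST /clt/LOGINFRM_BET.ASP m=CONSTRUCTED%20VALUE%3F 203.0.113.25 500
2025-01-10 08:05:00 POST /clt/other.asp m=x%3F 203.0.113.25 200
""".splitlines()

def triage(lines):
    """Return (flagged, unverifiable) POSTs to the affected endpoint."""
    fields, flagged, unverifiable = [], [], []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):      # column layout can change mid-file
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split(" ")))
        if rec.get("cs-method") != "POST":
            continue
        if rec.get("cs-uri-stem", "").lower() != ENDPOINT:
            continue
        query = rec.get("cs-uri-query", "-")
        raw = parse_qs("" if query == "-" else query, keep_blank_values=True)
        params = {k.lower(): v for k, v in raw.items()}
        hit = {"when": f"{rec.get('date')} {rec.get('time')}",
               "client": rec.get("c-ip"), "status": rec.get("sc-status")}
        if PARAM not in params:
            unverifiable.append(hit)         # value was in the body, not logged
        elif not all(ALLOWED.fullmatch(v) for v in params[PARAM]):
            flagged.append(hit)              # logged value fails the allow-list
    return flagged, unverifiable

if __name__ == "__main__":
    flagged, unverifiable = triage(SAMPLE_LOG)
    for h in flagged:
        print("REVIEW", h)
    print(len(unverifiable), "POSTs carried no logged value for", PARAM)
```

Entries in the second list are not findings by themselves: the endpoint also receives ordinary POSTs, so they only mark where body-level evidence from a proxy or WAF would be needed.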
