AndSoft e-TMS Command Injection Vulnerability

Vulnerability

A command injection vulnerability allowing the execution of operating system commands on the server has been identified in AndSoft's e-TMS version 25.03. This vulnerability arises from improper handling of the 'm' parameter in the '/clt/LOGINFRM_original.ASP' endpoint, enabling attackers to send POST requests that execute arbitrary commands on the server.

Impact

Exploitation of this vulnerability allows for operating system command injection, where an attacker can execute commands on the server with the same privileges as the application user.

Remediation

Users can upgrade to AndSoft e-TMS versions VNL 25001 or VNL 25010, or version 25.04, where this vulnerability has been fixed.
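
A log check for the endpoint named in this advisory, as an added example that is not part of the original advisory or of AndSoft's code: it scans web server access logs for POST requests to '/clt/LOGINFRM_original.ASP' and groups them by client address. The IIS W3C log format, its field names and the sample lines are assumptions; the sample lines are constructed.

```python
from collections import defaultdict
from urllib.parse import parse_qs

ENDPOINT = "/clt/loginfrm_original.asp"  # path from the advisory, lower-cased

# Constructed sample in IIS W3C extended format (assumed log source).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2025-10-02 14:01:10 198.51.100.7 GET /clt/LOGINFRM.ASP - 200
2025-10-02 14:01:12 198.51.100.7 POST /clt/LOGINFRM_original.ASP - 200
2025-10-02 14:01:15 198.51.100.7 POST /CLT/loginfrm_ORIGINAL.asp m=1 500
2025-10-02 14:03:40 203.0.113.9 POST /clt/LOGINFRM.ASP - 302
2025-10-02 14:05:02 203.0.113.9 GET /clt/LOGINFRM_original.ASP - 200
"""

def find_endpoint_posts(log_text):
    """Return {client_ip: [hit, ...]} for POSTs to the advisory's endpoint."""
    fields, hits = [], defaultdict(list)
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-method", "").upper() != "POST":
            continue
        # IIS resolves paths case-insensitively, so compare lower-cased.
        if row.get("cs-uri-stem", "").lower() != ENDPOINT:
            continue
        query = row.get("cs-uri-query", "-")
        params = {k.lower() for k in parse_qs(query, keep_blank_values=True)}
        hits[row.get("c-ip", "?")].append({
            "when": f'{row.get("date")} {row.get("time")}',
            "status": row.get("sc-status"),
            # True only when 'm' is visible in the query string; a value
            # sent in the POST body never reaches this log.
            "m_in_query": query != "-" and "m" in params,
        })
    return dict(hits)

if __name__ == "__main__":
    for ip, rows in find_endpoint_posts(SAMPLE_LOG).items():
        print(ip, len(rows), rows)
```

Because access logs do not record POST bodies, a hit here shows only that the endpoint was reached, not what the 'm' parameter contained.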

Added: Oct 2, 2025, 2:17 PM
Updated: Oct 2, 2025, 7:47 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 7.4
remediation: 7.7
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.