Primary

Context

AndSoft e-TMS Command Injection Vulnerability

Vulnerability

A command injection vulnerability has been identified in AndSoft's e-TMS version 25.03. This vulnerability allows attackers to execute operating system commands on the server by sending a POST request. The 'm' parameter in '/CLT/LOGINERRORFRM.ASP' is associated with this vulnerability.

Impact

Exploitation of this vulnerability allows for operating system command injection, enabling attackers to execute arbitrary commands on the server.

Remediation

Users can upgrade to AndSoft e-TMS versions VNL 25001 or VNL 25010, where this vulnerability has been patched. As of version 25.04, the vulnerability is completely fixed.

Added: Oct 2, 2025, 3:37 PM

Updated: Oct 2, 2025, 7:45 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

7.4

remediation

7.7

relevance

0.6

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

7.4

remediation

7.7

relevance

0.6

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

AndSoft e-TMS Command Injection Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating