CVE-2025-40635 – Comerzzia Backoffice: Sales Orchestrator SQL Injection Vulnerability

May 20, 2025

CVE ID : CVE-2025-40635

Published : May 20, 2025, 1:15 p.m. | 1 hour, 34 minutes ago

Description : SQL injection vulnerability in Comerzzia Backoffice: Sales Orchestrator 3.0.15. This vulnerability allows an attacker to retrieve, create, update and delete databases via the ‘uidActivity’, ‘codCompany’ and ‘uidInstance’ parameters of the ‘/comerzzia/login’ endpoint.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4978 – Netgear DGND3700 Basic Authentication Remote Authentication Bypass Vulnerability

Next Article CVE-2025-41229 – VMware Cloud Foundation Directory Traversal Vulnerability

10 Top Node.js Development Companies for Enterprise-Scale Projects (2025-2026 Ranked & Reviewed)

12 Must-Know Cost Factors When Hiring Node.js Developers for Your Enterprise

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

RIP, Perfect Dark — Xbox leadership canceled my most-anticipated game, and the developers deserved better

I keep seeing people at events taking notes on E-Ink tablets — so I tried one to see what all the fuss is about

“A fantastic device for creative users” — this $550 discount on ASUS’s 3K OLED creator laptop disappears before Prime Day

Distribution Release: Rhino Linux 2025.3

Token System using PHP and MySQL

Token System using PHP and MySQL

Create React UI component with uncontrollable

Flaget – new small 5kB CLI argument parser

RIP, Perfect Dark — Xbox leadership canceled my most-anticipated game, and the developers deserved better

RIP, Perfect Dark — Xbox leadership canceled my most-anticipated game, and the developers deserved better

I keep seeing people at events taking notes on E-Ink tablets — so I tried one to see what all the fuss is about

Le notizie minori del mondo GNU/Linux e dintorni della settimana nr 27/2025

CVE-2025-40635 – Comerzzia Backoffice: Sales Orchestrator SQL Injection Vulnerability

Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC

CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet

Bill Gates says “AI will replace humans for most things” in 20 years, including blue-and white-collar jobs — but floats short work weeks and early retirement as trade-offs

CVE-2025-1908 – GitLab Information Disclosure and Session Hijacking Vulnerability

Fuel your creativity with new generative media models and tools

CVE-2024-53019 – Cisco RTP Information Disclosure Vulnerability

CVE-2025-49858 – Arconix Shortcodes Cross-site Scripting (XSS)

FiberGateway Router Hacked: Portugal’s 1.6M Homes at Risk

Microsoft and Xbox just gave this Halo fan game their blessing — it’s Vampire Survivors with Master Chief, and I’m having a blast

Implementing Account Suspension in Laravel

CVE-2025-40635 – Comerzzia Backoffice: Sales Orchestrator SQL Injection Vulnerability

Related Posts