CVE-2025-40635 – Comerzzia Backoffice: Sales Orchestrator SQL Injection Vulnerability

May 20, 2025

CVE ID : CVE-2025-40635

Published : May 20, 2025, 1:15 p.m. | 1 hour, 34 minutes ago

Description : SQL injection vulnerability in Comerzzia Backoffice: Sales Orchestrator 3.0.15. This vulnerability allows an attacker to retrieve, create, update and delete databases via the ‘uidActivity’, ‘codCompany’ and ‘uidInstance’ parameters of the ‘/comerzzia/login’ endpoint.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4978 – Netgear DGND3700 Basic Authentication Remote Authentication Bypass Vulnerability

Next Article CVE-2025-41229 – VMware Cloud Foundation Directory Traversal Vulnerability

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Helldivers 2: Heart of Democracy update is live, and you need to jump in to save Super Earth from the Illuminate

Qualcomm’s new Adreno Control Panel will let you fine-tune the GPU for certain games on Snapdragon X Elite devices

Samsung takes on LG’s best gaming TVs — adds NVIDIA G-SYNC support to 2025 flagship

The biggest unanswered questions about Xbox’s next-gen consoles

HCL Commerce V9.1 – The Power of HCL Commerce Search

HCL Commerce V9.1 – The Power of HCL Commerce Search

Community News: Latest PECL Releases (05.20.2025)

Getting Started with Personalization in Sitecore XM Cloud: Enable, Extend, and Execute

Helldivers 2: Heart of Democracy update is live, and you need to jump in to save Super Earth from the Illuminate

Helldivers 2: Heart of Democracy update is live, and you need to jump in to save Super Earth from the Illuminate

Qualcomm’s new Adreno Control Panel will let you fine-tune the GPU for certain games on Snapdragon X Elite devices

Samsung takes on LG’s best gaming TVs — adds NVIDIA G-SYNC support to 2025 flagship

CVE-2025-40635 – Comerzzia Backoffice: Sales Orchestrator SQL Injection Vulnerability

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2025-5011 – MoonlightL Hexo-Boot Cross-Site Scripting Vulnerability

Meet Glasskube: A Open Source Package Manager for Kubernetes

Leopard: A Multimodal Large Language Model (MLLM) Designed Specifically for Handling Vision-Language Tasks Involving Multiple Text-Rich Images

Novels That Offer Peace After Long Days

Elastic launches low-code interface for experimenting with RAG implementation

CISA refutes claims it has been ordered to stop monitoring Russian cyber threats

Aaron Francis: Laravel Solo, Courses, Screencasting, and more

Cisco SD-WAN Vulnerabilities: PoC Exists for XSS and Filter Bypass

The best remote access software of 2025: Expert tested

CVE-2025-40635 – Comerzzia Backoffice: Sales Orchestrator SQL Injection Vulnerability

Related Posts