CVE-2025-28076 | THREATINT

Description

Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.4 and CO2Scope <= 1.3.4 allows remote authenticated attackers to execute arbitrary SQL commands via the (1) timeago, (2) user, (3) filter, (4) target, (5) p1, (6) p2, (7) p3, (8) p4, (9) p5, (10) p6, (11) p7, (12) p8, (13) p9, (14) p10, (15) p11, (16) p12, (17) p13, (18) p14, (19) p15, (20) p16, (21) p17, (22) p18, (23) p19, or (24) p20 parameter to /api/management/updateihmsettings; the (25) ID, (26) NAME, (27) CPUTHREADNB, (28) RAMCAP, or (29) DISKCAP parameter to /api/capaplan/savetemplates.

PUBLISHED Reserved 2025-03-11 | Published 2025-04-25 | Updated 2025-04-25 | Assigner mitre

References

github.com/Elymaro/CVE/blob/main/EasyVirt/CVE-2025-28076.md

www.easyvirt.com/

cve.org (CVE-2025-28076)

nvd.nist.gov (CVE-2025-28076)

Download JSON