We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), the Administrator password reset mechanism is mishandled. Making both a GET and a POST request to login.php.is sufficient. An unauthenticated attacker can then bypass authentication via administrator account takeover.
Reserved 2025-05-03 | Published 2025-07-05 | Updated 2025-07-05 | Assigner mitreCWE-684 Incorrect Provision of Specified Functionality
www.synacktiv.com/...-authenticated-remote-command-execution
github.com/synacktiv/CVE-2025-47227_CVE-2025-47228
Support options