Detections
Analytics
Advantive Veracore < 2025.1.1.3 SQL Injection
high Web App Scanning Plugin ID 114935
Language:
Synopsis
Advantive Veracore < 2025.1.1.3 SQL InjectionDescription
Advantive Veracore version prior to 2025.1.1.3 is vulnerable to SQL Injection in timeoutWarning.asp functionality, allowing attackers to execute arbitrary SQL queries via the PmSess1 parameter.Solution
Upgrade to Advantive Veracore 2025.1.1.3 or latest.See Also
https://advantive.my.site.com/support/s/article/Veracore-Release-Notes-2025-1-1-3
Plugin Details
Severity: High
ID: 114935
Type: remote
Family: Component Vulnerability
Published: 8/5/2025
Updated: 8/5/2025
Scan Template: basic, full, pci, scan
Risk Information
VPR
Risk Factor: Medium
Score: 5.1
CVSS v2
Risk Factor: High
Base Score: 7.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N
CVSS Score Source: CVE-2025-25181
CVSS v3
Risk Factor: High
Base Score: 7.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS Score Source: CVE-2025-25181
Vulnerability Information
CPE: cpe:2.3:a:advantive:veracore:*:*:*:*:*:*:*:*
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 2/10/2025
Vulnerability Publication Date: 2/2/2025
CISA Known Exploited Vulnerability Due Dates: 3/31/2025
Reference Information
CVE: CVE-2025-25181
CWE: 89
OWASP: 2010-A1, 2013-A1, 2013-A9, 2017-A1, 2017-A9, 2021-A3, 2021-A6
WASC: SQL Injection
CAPEC: 108, 109, 110, 470, 66, 7
DISA STIG: APSC-DV-002540, APSC-DV-002630
HIPAA: 164.306(a)(1), 164.306(a)(2)
ISO: 27001-A.14.2.5
NIST: sp800_53-CM-6b, sp800_53-SI-10
OWASP API: 2019-API7, 2019-API8, 2023-API8
OWASP ASVS: 4.0.2-14.2.1, 4.0.2-5.3.4