Unrated severityNVD Advisory· Published Mar 20, 2025· Updated Apr 7, 2025

Blind SQL Injection vulnerability in eTRAKiT.Net

CVE-2025-29980

Description

A SQL injection issue has been discovered in eTRAKiT.net release 3.2.1.77. Due to improper input validation, a remote unauthenticated attacker can run arbitrary commands as the current MS SQL server account. It is recommended that the CRM feature is turned off while on eTRAKiT.net release 3.2.1.77. eTRAKiT.Net is no longer supported, and users are recommended to migrate to the latest version of CentralSquare Community Development.

Affected products

eTRAKiT/eTRAKiT.netllm-create
Range: = 3.2.1.77
CentralSquare/eTRAKiT.Netv5
Range: 3.2.1.77

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/cisagov/CSAF/pull/182/filesmitre
raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-079-01.jsonmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000