CVE-2025-59742

SQL injection vulnerability in AndSoft’s e-TMS v25.03. This vulnerability could allow an attacker to retrieve, create, update, and delete databases by sending a POST request. The relationship between parameter and assigned identifier is a ‘USRMAIL’ parameter in’/inc/login/TRACK_REQUESTFRMSQL.ASP’.

More information : https://www.incibe.es/en/incibe-cert/notices/aviso/update-24092025-multiple-vulnerabilities-andsofts-e-tms