CVE Catalog

CVE-2025-29267

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.25%

16th percentile - higher than 16% of all known CVEs

Summary

SQL Injection vulnerability in Abis, Inc Adjutant Core Accounting ERP build PreBeta250F allows a remote attacker to obtain sensitive information via the cid parameter in a GET request.

Risk Assessment

An attacker can exfiltrate confidential financial and personal data from the database, leading to confidentiality breaches and potential financial and reputational losses.

Recommendation

Immediately update the system to the latest version and implement parameterized SQL queries or input validation for the cid parameter.

Original NVD description (English source)

SQL Injection vulnerability in Abis, Inc Adjutant Core Accounting ERP build v.PreBeta250F allows a remote attacker to obtain a sensitive information via the cid parameter in the GET request.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS