CVE-2025-28076 Information

Description

Multiple SQL injection vulnerabilities in EasyVirt DCScope <= 8.6.4 and CO2Scope <= 1.3.4 allow remote authenticated attackers to execute arbitrary SQL commands via the (1) timeago, (2) user, (3) filter, (4) target, (5) p1, (6) p2, (7) p3, (8) p4, (9) p5, (10) p6, (11) p7, (12) p8, (13) p9, (14) p10, (15) p11, (16) p12, (17) p13, (18) p14, (19) p15, (20) p16, (21) p17, (22) p18, (23) p19, or (24) p20 parameter to /api/management/updateihmsettings, or via the (25) ID, (26) NAME, (27) CPUTHREADNB, (28) RAMCAP, or (29) DISKCAP parameter to /api/capaplan/savetemplates.

Reference

https://github.com/Elymaro/CVE/blob/main/EasyVirt/CVE-2025-28076.md
https://www.easyvirt.com/
