CVE-2025-29980 Information

Description

A SQL injection issue has been discovered in eTRAKiT.net release 3.2.1.77. Due to improper input validation a remote unauthenticated attacker can run arbitrary commands as the current MS SQL server account. It is recommended that the CRM feature is turned off while on eTRAKiT.net release 3.2.1.77. eTRAKiT.Net is no longer supported and users are recommended to migrate to the latest version of CentralSquare Community Development.

Reference

https://github.com/cisagov/CSAF/pull/182/files#diff-53861466371a59578b21f5e4b4b6be7b2a6267c5d0fe81eda2a849bf6915ed8d url https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/IT/white/2025/va-25-079-01.json url