WinMatrix3 Web package developed by Simopro Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

CVE Database V5

Detailed information about CVE-2025-7918: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Simopro Technology WinM

CVE-2025-7918: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Simopro Technology WinMatrix3 Web package - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7918: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Simopro Technology WinMatrix3 Web package

WinMatrix3 Web package developed by Simopro Technology has an Arbitrary File Upload vulnerability, allowing remote attackers with administrator privileges to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.

Detailed information about CVE-2025-7917: CWE-434 Unrestricted Upload of File with Dangerous Type in Simopro Technology WinMatrix3 Web package affecting Simopro

CVE-2025-7917: CWE-434 Unrestricted Upload of File with Dangerous Type in Simopro Technology WinMatrix3 Web package - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7917: CWE-434 Unrestricted Upload of File with Dangerous Type in Simopro Technology WinMatrix3 Web package

A vulnerability was found in Chanjet CRM 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /mail/mailinactive.php of the component Login Page. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7915 is a SQL Injection vulnerability identified in Chanjet CRM version 1.0, specifically within the /mail/mailinactive.php file, which is part of the Login Page component. SQL Injection vulnerabilities occur when untrusted input is improperly sanitized and directly included in SQL queries, allowing attackers to manipulate the database queries executed by the application. In this case, the vulnerability allows remote attackers to inject malicious SQL code without requiring any authentication or user interaction, as indicated by the CVSS vector (AV:N/AC:L/AT:N/PR:N/UI:N). The vulnerability impacts confidentiality, integrity, and availability of the database, albeit with limited scope and impact (VC:L/VI:L/VA:L). The CVSS score of 6.9 (medium severity) reflects that while the attack is relatively easy to execute remotely, the overall impact is limited compared to more severe SQL injection flaws. The vulnerability affects an unknown functionality within the mailinactive.php script, which likely handles inactive mail or notification features related to user login. Exploitation could allow attackers to extract sensitive data, modify or delete records, or disrupt CRM operations. Although no public exploits are currently known in the wild, the vulnerability has been publicly disclosed, increasing the risk of exploitation by opportunistic attackers. No patches or fixes have been linked yet, indicating that organizations using Chanjet CRM 1.0 remain vulnerable until remediation is available or mitigations are applied.

Detailed information about CVE-2025-7915: SQL Injection in Chanjet CRM affecting Chanjet CRM. Get real-time updates, technical details, and mitigation strategie

CVE-2025-7915: SQL Injection in Chanjet CRM - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7915: SQL Injection in Chanjet CRM

A vulnerability has been found in Tenda AC6 15.03.06.50 and classified as critical. Affected by this vulnerability is the function setparentcontrolinfo of the component httpd. The manipulation leads to buffer overflow. The attack can be launched remotely.

CVE-2025-7914 is a critical buffer overflow vulnerability identified in the Tenda AC6 router, specifically in firmware version 15.03.06.50. The flaw exists within the 'setparentcontrolinfo' function of the embedded HTTP daemon (httpd) component. This function is responsible for handling parental control settings on the device. Due to improper bounds checking or input validation, an attacker can craft a malicious request to this function that overflows a buffer, potentially overwriting adjacent memory. This memory corruption can lead to arbitrary code execution or cause the device to crash, resulting in denial of service. The vulnerability is remotely exploitable without requiring user interaction or prior authentication, as indicated by the CVSS vector (AV:N/AC:L/AT:N/UI:N/PR:L). The attack complexity is low, and the impact on confidentiality, integrity, and availability is high, as an attacker could gain control over the router or disrupt network services. Although no known exploits are currently reported in the wild, the critical nature and ease of exploitation make this a significant threat to affected devices. The lack of available patches at the time of publication further increases the risk for users of this firmware version.

Detailed information about CVE-2025-7914: Buffer Overflow in Tenda AC6 affecting Tenda AC6. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-7914: Buffer Overflow in Tenda AC6 - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7914: Buffer Overflow in Tenda AC6

WinMatrix3 developed by Simopro Technology has an Insecure Deserialization vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server by sending maliciously crafted serialized contents.

Detailed information about CVE-2025-7916: CWE-502 Deserialization of Untrusted Data in Simopro Technology WinMatrix3 affecting Simopro Technology WinMatrix3. Ge

CVE-2025-7916: CWE-502 Deserialization of Untrusted Data in Simopro Technology WinMatrix3

CVE-2025-7916: CWE-502 Deserialization of Untrusted Data in Simopro Technology WinMatrix3

Description

Technical Details

Related Threats

CVE-2025-7918: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Simopro Technology WinMatrix3 Web package

CVE-2025-7917: CWE-434 Unrestricted Upload of File with Dangerous Type in Simopro Technology WinMatrix3 Web package

CVE-2025-7915: SQL Injection in Chanjet CRM

CVE-2025-7914: Buffer Overflow in Tenda AC6

CVE-2025-7913: Buffer Overflow in TOTOLINK T6

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility