CVE-2025-43923

{"id": "CVE-2025-43923", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2025-06-03T15:15:58.767", "references": [{"url": "https://www.unicomsi.com/products/focal-point/", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.unicomsi.com/security-advisory/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in ReportController in Unicom Focal Point 7.6.1. A user who has administrative privilege in Focal Point can perform SQL injection via the image parameter during a delete report image operation."}, {"lang": "es", "value": "Se detect\u00f3 un problema en ReportController en Unicom Focal Point 7.6.1. Un usuario con privilegios administrativos en Focal Point puede realizar una inyecci\u00f3n SQL mediante el par\u00e1metro de imagen durante la eliminaci\u00f3n de una imagen de informe."}], "lastModified": "2025-06-09T18:05:07.393", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:unicomsi:focal_point:7.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9D259EEA-3122-4331-84C7-5F7EEB8905C1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}