CVE-2025-29267
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk16th percentile - higher than 16% of all known CVEs
Summary
SQL Injection vulnerability in Abis, Inc Adjutant Core Accounting ERP build PreBeta250F allows a remote attacker to obtain sensitive information via the cid parameter in a GET request.
Risk Assessment
An attacker can exfiltrate confidential financial and personal data from the database, leading to confidentiality breaches and potential financial and reputational losses.
Recommendation
Immediately update the system to the latest version and implement parameterized SQL queries or input validation for the cid parameter.
Original NVD description (English source)
SQL Injection vulnerability in Abis, Inc Adjutant Core Accounting ERP build v.PreBeta250F allows a remote attacker to obtain a sensitive information via the cid parameter in the GET request.

