CVE-2025-59793
Published Feb 17, 2026
Last updated 6 days ago
AI description
CVE-2025-9793 describes a SQL injection vulnerability found in version 1.0 of the Apartment Management System. Specifically, the flaw exists within the `/setting/admin.php` file. Attackers can exploit this vulnerability by manipulating the 'ddlBranch' argument, which allows them to execute unauthorized SQL commands. Successful exploitation of this vulnerability could enable an attacker to manipulate or extract database information, potentially bypass authentication mechanisms, and gain unauthorized access to the application's backend database. This could compromise the confidentiality, integrity, and availability of the system.
- Description
- Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be able to upload files. However, the application doesn't properly sanitize the jobDirectory parameter, which allows path traversal sequences to be included. This allows writing files to arbitrary local filesystem locations and may subsequently lead to remote code execution.
- Source
- cve@mitre.org
- NVD status
- Awaiting Analysis
- Hype score
- Not currently trending
CVE-2025-59793 Path Traversal in Rocket TRUfusion Enterprise Enabling Arbitrary File Write https://t.co/hBCBIebNFC
@VulmonFeeds
17 Feb 2026
37 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
Pwning TRUfusion Enterprise again: chaining a pre-auth SSRF (CVE-2025-32355), a default password, and a path traversal (CVE-2025-59793) to gain RCE. #security https://t.co/0VmQ6SaQZc
@MrTuxracer
17 Feb 2026
2593 Impressions
9 Retweets
48 Likes
19 Bookmarks
2 Replies
0 Quotes
Pwning TRUfusion Enterprise again: chaining a pre-auth SSRF (CVE-2025-32355), a default password, and a path traversal (CVE-2025-59793) to gain RCE. #security https://t.co/kkVDeAnTVi
@rcesecurity
17 Feb 2026
2006 Impressions
11 Retweets
38 Likes
17 Bookmarks
0 Replies
0 Quotes