Gemscms Backend

5 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-52026 HIGH This Week

An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. [CVSS 7.5 HIGH]

Information Disclosure Gemscms Backend
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-52025 CRITICAL Act Now

Aptsys gemscms POS Platform has a SQL injection in the GetServiceByRestaurantID endpoint allowing extraction of restaurant and payment data.

SQLi Gemscms Backend
NVD GitHub
CVSS 3.1
9.4
EPSS
0.0%
CVE-2025-52024 CRITICAL Act Now

Aptsys POS Platform Web Services module exposes internal API testing endpoints to the public, allowing unauthenticated access to point-of-sale backend systems.

Authentication Bypass Gemscms Backend
NVD GitHub
CVSS 3.1
9.4
EPSS
0.0%
CVE-2025-52023 MEDIUM This Month

A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. [CVSS 5.3 MEDIUM]

PHP Information Disclosure Gemscms Backend
NVD GitHub
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-52022 MEDIUM This Month

A vulnerability in the PHP backend of gemsloyalty.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. [CVSS 5.3 MEDIUM]

PHP Information Disclosure Gemscms Backend
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-52026
EPSS 0% CVSS 7.5
HIGH This Week

An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. [CVSS 7.5 HIGH]

Information Disclosure Gemscms Backend
NVD GitHub
CVE-2025-52025
EPSS 0% CVSS 9.4
CRITICAL Act Now

Aptsys gemscms POS Platform has a SQL injection in the GetServiceByRestaurantID endpoint allowing extraction of restaurant and payment data.

SQLi Gemscms Backend
NVD GitHub
CVE-2025-52024
EPSS 0% CVSS 9.4
CRITICAL Act Now

Aptsys POS Platform Web Services module exposes internal API testing endpoints to the public, allowing unauthenticated access to point-of-sale backend systems.

Authentication Bypass Gemscms Backend
NVD GitHub
CVE-2025-52023
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. [CVSS 5.3 MEDIUM]

PHP Information Disclosure Gemscms Backend
NVD GitHub
CVE-2025-52022
EPSS 0% CVSS 5.3
MEDIUM This Month

A vulnerability in the PHP backend of gemsloyalty.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. [CVSS 5.3 MEDIUM]

PHP Information Disclosure Gemscms Backend
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy