CVE-2025-43923
MEDIUMUnicom Focal Point 7.6.1 - Authenticated SQL Injection via Report Image Delete Parameter
Title source: llmDescription
An issue was discovered in ReportController in Unicom Focal Point 7.6.1. A user who has administrative privilege in Focal Point can perform SQL injection via the image parameter during a delete report image operation.
References (2)
Core 2
Core References
Vendor Advisory
https://www.unicomsi.com/security-advisory/
Scores
CVSS v3
6.5
EPSS
0.0022
EPSS Percentile
12.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-89
Status
published
Products (1)
unicomsi/focal_point
7.6.1
Published
Jun 03, 2025
Tracked Since
Feb 18, 2026