CVE-2025-52026

High CVSS: 7.5

An information disclosure vulnerability exists in the /srvs/membersrv/getCashiers endpoint of the Aptsys gemscms backend platform thru 2025-05-28. This unauthenticated endpoint returns a list of cashier accounts, including names, email addresses, usernames, and passwords hashed using MD5. As MD5 is a broken cryptographic function, the hashes can be easily reversed using public tools, exposing user credentials in plaintext. This allows remote attackers to perform unauthorized logins and potentially gain access to sensitive POS operations or backend functions.

Vendor

Aptsys

Product

Gemscms Backend

CWE

CWE-200

Yayın Tarihi

2026-01-23 21:15:50

Güncelleme

2026-02-12 16:48:21

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-200 Gemscms Backend HIGH Aptsys 2026

Referanslar

http://aptsys.com https://gist.github.com/ReverseThatApp/4a6be2b9b2ba39d38c35c8753e0afd39

Benzer Kayıtlar

Medium

CVE-2025-52023

A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to t…

Critical

CVE-2025-52024

A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testin…

Critical

CVE-2025-52025

An SQL Injection vulnerability exists in the GetServiceByRestaurantID endpoint of the Aptsys gemscms POS Platform backen…

Medium

CVE-2025-52022

A vulnerability in the PHP backend of gemsloyalty.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers…