CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2025-7920 – Simopro Technology|WinMatrix3 Web package - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2025-7920
21 Jul 2025 — WinMatrix3 Web package developed by Simopro Technology has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks. • https://www.twcert.org.tw/tw/cp-132-10262-2fcb6-1.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-7919 – Simopro Technology|WinMatrix3 Web package - SQL Injection
https://notcve.org/view.php?id=CVE-2025-7919
21 Jul 2025 — WinMatrix3 Web package developed by Simopro Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. • https://www.twcert.org.tw/tw/cp-132-10259-b4b38-1.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-7918 – Simopro Technology|WinMatrix3 Web package - SQL Injection
https://notcve.org/view.php?id=CVE-2025-7918
21 Jul 2025 — WinMatrix3 Web package developed by Simopro Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. • https://www.twcert.org.tw/en/cp-139-10264-6c4b7-2.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2025-7917 – Simopro Technology|WinMatrix3 Web package - Arbitrary File Upload
https://notcve.org/view.php?id=CVE-2025-7917
21 Jul 2025 — WinMatrix3 Web package developed by Simopro Technology has an Arbitrary File Upload vulnerability, allowing remote attackers with administrator privileges to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server. • https://www.twcert.org.tw/en/cp-139-10263-5f2e7-2.html • CWE-434: Unrestricted Upload of File with Dangerous Type •