exploitDog

GHSA-9c6x-55mp-cvpv

Опубликовано: 20 окт. 2025

Источник: github

Github: Не прошло ревью

CVSS4: 9.3

Описание

A SQL Injection vulnerability has been found in Epsilon RH by Grupo Castilla. This vulnerability allows an attacker to retrieve, create, update and delete database via sending a POST request using the parameter ‘sEstadoUsr’ in ‘/epsilonnetws/WSAvisos.asmx’.

A SQL Injection vulnerability has been found in Epsilon RH by Grupo Castilla. This vulnerability allows an attacker to retrieve, create, update and delete database via sending a POST request using the parameter ‘sEstadoUsr’ in ‘/epsilonnetws/WSAvisos.asmx’.

Ссылки

EPSS

Процентиль: 14%

0.00045

Низкий

9.3 Critical

CVSS4

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2025-41028

nvd

4 месяца назад

A SQL Injection vulnerability has been found in Epsilon RH by Grupo Castilla. This vulnerability allows an attacker to retrieve, create, update and delete database via sending a POST request using the parameter ‘sEstadoUsr’ in ‘/epsilonnetws/WSAvisos.asmx’.

EPSS

Процентиль: 14%

0.00045

Низкий

9.3 Critical

CVSS4

CVE ID

Дефекты

CWE-89