exploitDog

CVE-2025-40677

Опубликовано: 18 сент. 2025

Источник: nvd

EPSS Низкий

Описание

SQL injection vulnerability in Summar Software´s Portal del Empleado. This vulnerability allows an attacker to retrieve, create, update, and delete the database by sending a POST request using the parameter “ctl00$ContentPlaceHolder1$filtroNombre” in “/MemberPages/quienesquien.aspx”.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-summar-software-employee-portal

EPSS

Процентиль: 46%

0.00236

Низкий

Дефекты

CWE-89

Связанные уязвимости

GHSA-cqcc-3gx2-8vg9

github

5 месяцев назад

SQL injection vulnerability in Summar Software´s Portal del Empleado. This vulnerability allows an attacker to retrieve, create, update, and delete the database by sending a POST request using the parameter “ctl00$ContentPlaceHolder1$filtroNombre” in “/MemberPages/quienesquien.aspx”.

EPSS

Процентиль: 46%

0.00236

Низкий

Дефекты

CWE-89