Grupo Castilla Epsilon Rh vulnerabilities
2 known vulnerabilities affecting grupo_castilla/epsilon_rh.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2025-41028P2CRITICALCVSS 9.3v3.03.36.0102025-10-20
CVE-2025-41028 [CRITICAL] CWE-89 CVE-2025-41028: A SQL Injection vulnerability has been found in Epsilon RH by Grupo Castilla. This vulnerability all
A SQL Injection vulnerability has been found in Epsilon RH by Grupo Castilla. This vulnerability allows an attacker to retrieve, create, update and delete database via sending a POST request using the parameter ‘sEstadoUsr’ in ‘/epsilonnetws/WSAvisos.asmx’.
nvd
CVE-2025-12461P3MEDIUMCVSS 6.9v3.03.36.01852025-10-29
CVE-2025-12461 [MEDIUM] CWE-522 CVE-2025-12461: This vulnerability allows an attacker to access parts of the application that are not protected by a
This vulnerability allows an attacker to access parts of the application that are not protected by any type of access control. The attacker could access this path ‘…/epsilonnet/License/About.aspx’ and obtain information on both the licence and the configuration of the product by knowing which modules are installed.
nvd