Informatica Del Este Winplus vulnerabilities
5 known vulnerabilities affecting informatica_del_este/winplus.
Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, MEDIUM 2
Vulnerabilities
CVE-2025-41347 | P2 | CRITICAL | CVSS 9.8 | CWE-434 | v24.11.27 | 2025-11-18
Unlimited upload vulnerability for dangerous file types in WinPlus v24.11.27 from Informática del Este. This vulnerability allows an attacker to upload a 'webshell' by sending a POST request to '/WinplusPortal/ws/sWinplus.svc/json/uploadfile'.
nvd
CVE-2025-41348 | P2 | CRITICAL | CVSS 9.8 | CWE-89 | v24.11.27 | 2025-11-18
SQL injection vulnerability in WinPlus v24.11.27 by Informática del Este. This vulnerability allows an attacker to recover, create, update and delete databases by sending a POST request using the parameters 'val1' and 'cont' in '/WinplusPortal/ws/sWinplus.svc/json/getacumper_post'.
nvd
CVE-2025-41346 | P2 | CRITICAL | CVSS 9.8 | CWE-863 | v24.11.27 | 2025-11-18
Faulty authorization control in software WinPlus v24.11.27 by Informática del Este that allows another user to be impersonated simply by knowing their 'numerical ID', meaning that an attacker could compromise another user's account, thereby affecting the confidentiality, integrity, and availability of the data stored in the application.
nvd
CVE-2025-41349 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v24.11.27 | 2025-11-18
Stored Cross-site Scripting (XSS) vulnerability in WinPlus v24.11.27 by Informática del Este, consisting of a stored XSS due to a lack of proper validation of user input when sending a POST request using the 'descripcion' parameter in '/WinplusPortal/ws/sWinplus.svc/json/savesolpla_post'. This vulnerability could allow a remote us
nvd
CVE-2025-41350 | P4 | MEDIUM | CVSS 5.4 | CWE-79 | v24.11.27 | 2025-11-18
Stored Cross-site Scripting (XSS) vulnerability in WinPlus v24.11.27 by Informática del Este, consisting of a stored XSS due to a lack of proper validation of user input when sending a POST request using the 'descripcion' parameter in '/WinplusPortal/ws/sWinplus.svc/json/savesoldoc_post'. This vulnerability could allow a remote use
nvd