Summar Software Portal Del Empleado vulnerabilities
2 known vulnerabilities affecting summar_software/portal_del_empleado.
Total CVEs
2
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2025-40677P2HIGHCVSS 8.7PoCv3.98.02025-09-18
CVE-2025-40677 [HIGH] CWE-89 CVE-2025-40677: SQL injection vulnerability in Summar Software´s Portal del Empleado. This vulnerability allows an a
SQL injection vulnerability in Summar Software´s Portal del Empleado. This vulnerability allows an attacker to retrieve, create, update, and delete the database by sending a POST request using the parameter “ctl00$ContentPlaceHolder1$filtroNombre” in “/MemberPages/quienesquien.aspx”.
nvd
CVE-2025-40678P3MEDIUMCVSS 5.3v3.98.02025-09-18
CVE-2025-40678 [MEDIUM] CWE-434 CVE-2025-40678: Unrestricted upload vulnerability for dangerous file types on Summar Software´s Portal del Empleado.
Unrestricted upload vulnerability for dangerous file types on Summar Software´s Portal del Empleado. This vulnerability allows an attacker to upload a dangerous file type by sending a POST request using the parameter “cctl00$ContentPlaceHolder1$fuAdjunto” in “/MemberPages/ntf_absentismo.aspx”.
nvd