CVE-2025-40677

Name of the Vulnerable Software and Affected Versions Summar Software Portal del Empleado (affected versions not specified)

Description A SQL injection vulnerability exists in Summar Software’s Portal del Empleado. This vulnerability allows an attacker to retrieve, create, update, and delete the database. The vulnerability is triggered by sending a POST request using the ctl00$ContentPlaceHolder1$filtroNombre parameter to the /MemberPages/quienesquien.aspx endpoint.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the /MemberPages/quienesquien.aspx endpoint. Sanitize or validate the ctl00$ContentPlaceHolder1$filtroNombre parameter to prevent SQL injection attacks.