CVE-2025-40698

CVSS v4.0

8.7

High

Vector

AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Prevengos version 2.44

Description A SQL injection issue exists in Prevengos version 2.44 by Nedatec Consulting. This allows an attacker to retrieve, create, update, and delete databases. The issue is triggered by sending a POST request to the /servicios/autorizaciones.asmx/mfsRecuperarListado API endpoint, utilizing the mpsCentroin, mpsEmpresa, mpsProyecto, and mpsContrata parameters.

Recommendations Apply a fix for Prevengos version 2.44 to address the SQL injection issue.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2025-40698

Affected Products

Prevengos

CVE-2025-40698

Weakness Enumeration

Related Identifiers

Affected Products

References · 6