CVE-2025-40677 | HackTesting

SQL injection vulnerability in Summar Software´s Portal del Empleado. This vulnerability allows an attacker to retrieve, create, update, and delete the database by sending a POST request using the parameter “ctl00$ContentPlaceHolder1$filtroNombre” in “/MemberPages/quienesquien.aspx”.

Credits

Pedro Gabaldón Juliá

Javier Medina Munuera

Antonio José Gálvez Sánchez

Alejandro Baño Andrés

Álvaro Piñero Laorden

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-summar-software-employee-portal