CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2025-41348

SQL injection vulnerability in WinPlus v24.11.27 by Informática del Este. This vulnerability allows an attacker recover, create, update an delete databases by sendng a POST request using the parameters 'val1' and 'cont in '/WinplusPortal/ws/sWinplus.svc/json/getacumper_post'.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 4.5%

CVSS Severity

CVSS v3 Score 9.8

References

https://www.incibe.es/en/incibe-cert/notices/aviso/stored-cross-site-scripting-xss-winplus-informatica-del-este

Products affected by CVE-2025-41348

Iest » Winplus » Version: 24.11.27

cpe:2.3:a:iest:winplus:24.11.27

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2025-41348

Products

Pricing

Contact Us