Summar Software Portal del Empleado SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in Summar Software's Portal del Empleado, affecting versions prior to 3.98.0. This vulnerability allows attackers to retrieve, create, update, and delete database records. Exploitation involves sending a POST request with the parameter 'ctl00$ContentPlaceHolder1$filtroNombre' to the '/MemberPages/quienesquien.aspx' page.

Impact

Exploitation of this vulnerability allows for full control over the database, including the ability to read, modify, and delete data.

Remediation

Users are advised to update to Summar Software Portal del Empleado version 3.98.0.
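
For installations still awaiting the update, the following check screens captured requests for the vector described under Vulnerability. It is an added example, not code from Summar Software or from this advisory: it flags POSTs to '/MemberPages/quienesquien.aspx' whose 'ctl00$ContentPlaceHolder1$filtroNombre' value does not look like a person's name. The record layout (method, path, form-encoded body), the token list and the name allow-list are assumptions, and the sample requests are constructed.

```python
import re
from urllib.parse import parse_qs

# Endpoint and parameter named in the advisory.
TARGET_PATH = "/MemberPages/quienesquien.aspx"
TARGET_PARAM = "ctl00$ContentPlaceHolder1$filtroNombre"

# Assumed heuristics (not from the advisory): SQL comment/terminator tokens and
# keywords, plus an allow-list of characters expected in a name filter.
SQL_TOKENS = re.compile(
    r"--|;|/\*|\*/|\b(?:union|select|insert|update|delete|drop|exec|waitfor)\b",
    re.IGNORECASE,
)
NAME_LIKE = re.compile(r"(?:[^\W\d_]|[ .'\-]){0,64}")  # letters, space, . ' -

def inspect_request(method, path, body):
    """Return a reason string if the request deserves review, else None."""
    if method.upper() != "POST":
        return None
    # Compare the path without query string; IIS paths are case-insensitive.
    if path.split("?", 1)[0].lower() != TARGET_PATH.lower():
        return None
    # parse_qs percent-decodes both keys and values of the form body.
    for value in parse_qs(body, keep_blank_values=True).get(TARGET_PARAM, []):
        if SQL_TOKENS.search(value):
            return "sql-token"
        if not NAME_LIKE.fullmatch(value):
            return "unexpected-characters"
    return None

def triage(requests):
    """Return (index, reason) for every request that should be reviewed."""
    hits = []
    for i, (method, path, body) in enumerate(requests):
        reason = inspect_request(method, path, body)
        if reason:
            hits.append((i, reason))
    return hits

# Constructed sample records: (method, path, form-encoded body).
P = "ctl00%24ContentPlaceHolder1%24filtroNombre="
SAMPLE_REQUESTS = [
    ("POST", "/MemberPages/quienesquien.aspx", P + "Garc%C3%ADa+L%C3%B3pez"),
    ("POST", "/MemberPages/quienesquien.aspx", P + "O%27Brien"),
    ("POST", "/MemberPages/QuienesQuien.aspx", P + "a%27+--"),
    ("GET", "/MemberPages/quienesquien.aspx", ""),
    ("POST", "/Default.aspx", P + "a%27+--"),  # constructed path, out of scope
]

if __name__ == "__main__":
    print(triage(SAMPLE_REQUESTS))
```

A hit is a reason to review the request and the account behind it, not proof of exploitation; the check only works where the logging layer records POST bodies.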

Added: Sep 18, 2025, 12:17 PM
Updated: Sep 18, 2025, 1:49 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 5.2
remediation: 7.7
relevance: 0.5
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.