WinPlus SQL Injection Vulnerability

Vulnerability

A SQL injection vulnerability has been identified in WinPlus version 24.11.27 by Informática del Este. This vulnerability allows an attacker to recover, create, update, and delete databases by sending a POST request with the 'val1' and 'cont' parameters to '/WinplusPortal/ws/sWinplus.svc/json/getacumper_post'.

Impact

Exploitation of this vulnerability allows for arbitrary SQL commands to be executed, potentially leading to unauthorized data access, data manipulation, or deletion of database information.

Added: Nov 18, 2025, 12:18 PM

Updated: Nov 18, 2025, 2:39 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.2

remediation

0.0

relevance

1.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.2

remediation

0.0

relevance

1.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WinPlus SQL Injection Vulnerability

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating