CVE-2025-41348 | Informática del Este WinPlus 24.11.27 POST Request getacumper_post val1/cont sql injection

Inserito da Angelo Barbosa | Nov 18, 2025 | CVE

A vulnerability was found in Informática del Este WinPlus 24.11.27 and classified as critical. Affected by this issue is some unknown functionality of the file /WinplusPortal/ws/sWinplus.svc/json/getacumper_post of the component POST Request Handler. The manipulation of the argument val1/cont results in sql injection.

This vulnerability is cataloged as CVE-2025-41348. The attack may be launched remotely. There is no exploit available.

CVE-2025-41348 | Informática del Este WinPlus 24.11.27 POST Request getacumper_post val1/cont sql injection

Post correlati

CVE-2024-12942 | 1000 Projects Portfolio Management System MCA 1.0 /admin/admin_login.php username/password sql injection

CVE-2025-26850 | Quest KACE Systems Management Appliance up to 14.0.96/14.1.18 Agent authorization (EUVD-2025-20096)

CVE-2025-41650 | Weidmueller IE-SW-VL05M-5TX improper validation of specified type of input (VDE-2025-044)

CVE-2025-13276 | g33kyrash Online-Banking-System up to 12dbfa690e5af649fb72d2e5d3674e88d6743455 /index.php Username sql injection