CNNVD-202511-2074 Information

CNNVD ID

CNNVD-202511-2074

Related CVE

CVE-2025-41348

• CNNVD Published: 2025-11-18

Description (Chinese)

Informática del Este WinPlus是西班牙Informática del Este公司的一个人力资源管理平台。 Informática del Este WinPlus v24.11.27版本存在SQL注入漏洞，该漏洞源于参数val1和cont清理和转义不足，可能导致SQL注入攻击。

Description (English)

Informática del Este WinPlus is a human resources management platform of the Spanish company Informática del Este. Version Informática del Este WinPlus v24.11.27 contains an injection loophole in SQL, which stems from inadequate clean-up and conversion of parameters val1 and cont, which could lead to an injection attack by SQL.

Hazard Level

High

Vulnerability Type

SQL注入

Affected Vendor

Informática del Este

Published

2025-11-18

Last Modified

2026-02-24

References

https://www.incibe.es/en/incibe-cert/notices/aviso/stored-cross-site-scripting-xss-winplus-informatica-del-este