CVE-2025-40677

HIGH

Summar Software's Portal del Empleado - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-40677. PoCs published by Peter Gabaldon, PeterGabaldon.

AI-analyzed exploit summary This exploit demonstrates an authenticated SQL injection vulnerability in Summar Employee Portal versions prior to 3.98.0. The vulnerability is exploited via the 'ctl00$ContentPlaceHolder1$filtroNombre' parameter in a POST request to '/MemberPages/quienesquien.aspx'.

Description

SQL injection vulnerability in Summar Software´s Portal del Empleado. This vulnerability allows an attacker to retrieve, create, update, and delete the database by sending a POST request using the parameter “ctl00$ContentPlaceHolder1$filtroNombre” in “/MemberPages/quienesquien.aspx”.

Exploits (2)

exploitdb WORKING POC
by Peter Gabaldon · textwebappsmultiple
https://www.exploit-db.com/exploits/52462

This exploit demonstrates an authenticated SQL injection vulnerability in Summar Employee Portal versions prior to 3.98.0. The vulnerability is exploited via the 'ctl00$ContentPlaceHolder1$filtroNombre' parameter in a POST request to '/MemberPages/quienesquien.aspx'.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: Summar Employee Portal < 3.98.0
Auth required
Prerequisites: Authenticated access to the portal · SQLmap or similar tool for exploitation
devstral-2 · analyzed Feb 16, 2026 Full analysis →
nomisec WORKING POC 1 stars
by PeterGabaldon · poc
https://github.com/PeterGabaldon/CVE-2025-40677

This repository provides a proof-of-concept for an authenticated SQL injection vulnerability in Summar Employee Portal versions prior to 3.98.0. The exploit targets the 'ctl00$ContentPlaceHolder1$filtroNombre' parameter in a POST request to '/MemberPages/quienesquien.aspx'.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: Summar Employee Portal < 3.98.0
Auth required
Prerequisites: Authenticated access to the portal · SQLmap or similar tool for exploitation
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v4 8.7
EPSS 0.0022
EPSS Percentile 45.1%
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-89
Status published
Products (1)
Summar Software/Portal del Empleado 3.98.0
Published Sep 18, 2025
Tracked Since Feb 18, 2026