CVE-2025-40678
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-18
Last updated on: 2025-09-18
Assigner: Spanish National Cybersecurity Institute, S.A. (INCIBE)
Description
Description
Unrestricted upload vulnerability for dangerous file types on Summar Software´s Portal del Empleado. This vulnerability allows an attacker to upload a dangerous file type by sending a POST request using the parameter “cctl00$ContentPlaceHolder1$fuAdjunto” in “/MemberPages/ntf_absentismo.aspx”.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| summar_software | portal_del_empleado | * |
| summar_software | portal_del_empleado | 3.98.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an unrestricted upload issue in Summar Software's Portal del Empleado. It allows an attacker to upload dangerous file types by sending a specially crafted POST request using the parameter "cctl00$ContentPlaceHolder1$fuAdjunto" on the "/MemberPages/ntf_absentismo.aspx" page.
How can this vulnerability impact me? :
The vulnerability can allow attackers to upload malicious files to the system, potentially leading to unauthorized code execution, data compromise, or further exploitation of the affected system.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70