CVE-2025-1640

A vulnerability was found in Benner ModernaNet up to 1.1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /Home/JS_CarregaCombo?formName=DADOS_PESSOAIS_PLANO&additionalCondition=&insideParameters=&elementToReturn=DADOS_PESSOAIS_PLANO&ordenarPelaDescricao=true&direcaoOrdenacao=asc&_=1739290047295. The manipulation leads to sql injection. The attack may be launched remotely. Upgrading to version 1.1.1 is able to address this issue. It is recommended to upgrade the affected component.
References
Link Resource
https://github.com/yago3008/CVES Third Party Advisory
https://vuldb.com/?ctiid.296690 Permissions Required VDB Entry
https://vuldb.com/?id.296690 Permissions Required VDB Entry
https://vuldb.com/?submit.499115 Exploit Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:modernasistemas:modernanet:*:*:*:*:*:*:*:*

History

17 Jun 2026, 08:39

Type Values Removed Values Added
First Time Modernasistemas
Modernasistemas modernanet
CPE cpe:2.3:a:modernasistemas:modernanet:*:*:*:*:*:*:*:*
Summary
  • (es) Se ha detectado una vulnerabilidad en Benner ModernaNet hasta la versión 1.1.0 y se ha clasificado como crítica. Este problema afecta a algunas funciones desconocidas del archivo /Home/JS_CarregaCombo?formName=DADOS_PESSOAIS_PLANO&additionalCondition=&insideParameters=&elementToReturn=DADOS_PESSOAIS_PLANO&ordenarPelaDescricao=true&direcaoOrdenacao=asc&_=1739290047295. La manipulación conduce a una inyección SQL. El ataque puede ejecutarse de forma remota. La actualización a la versión 1.1.1 puede solucionar este problema. Se recomienda actualizar el componente afectado.
References () https://github.com/yago3008/CVES - () https://github.com/yago3008/CVES - Third Party Advisory
References () https://vuldb.com/?ctiid.296690 - () https://vuldb.com/?ctiid.296690 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.296690 - () https://vuldb.com/?id.296690 - Permissions Required, VDB Entry
References () https://vuldb.com/?submit.499115 - () https://vuldb.com/?submit.499115 - Exploit, Third Party Advisory, VDB Entry

25 Feb 2025, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-02-25 00:15

Updated : 2026-06-17 08:39


NVD link : CVE-2025-1640

Mitre link : CVE-2025-1640

CVE.ORG link : CVE-2025-1640


JSON object : View

Products Affected

modernasistemas

  • modernanet
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')