CVE-2025-1641

A vulnerability was found in Benner ModernaNet up to 1.1.0. It has been classified as critical. This affects an unknown part of the file /AGE0000700/GetHorariosDoDia?idespec=0&idproced=1103&data=2025-02-25+19%3A25&agserv=0&convenio=1&localatend=1&idplano=5&pesfis=01&idprofissional=0&target=.horarios--dia--d0&_=1739371223797. The manipulation leads to sql injection. It is possible to initiate the attack remotely. Upgrading to version 1.1.1 is able to address this issue. It is recommended to upgrade the affected component.
References
Link Resource
https://github.com/yago3008/cves Exploit Third Party Advisory
https://vuldb.com/?ctiid.296691 Permissions Required VDB Entry
https://vuldb.com/?id.296691 Permissions Required VDB Entry
https://vuldb.com/?submit.499875 Exploit Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:modernasistemas:modernanet:*:*:*:*:*:*:*:*

History

17 Jun 2026, 08:39

Type Values Removed Values Added
First Time Modernasistemas
Modernasistemas modernanet
Summary
  • (es) Se ha detectado una vulnerabilidad en Benner ModernaNet hasta la versión 1.1.0. Se ha clasificado como crítica. Afecta a una parte desconocida del archivo /AGE0000700/GetHorariosDoDia?idespec=0&idproced=1103&data=2025-02-25+19%3A25&agserv=0&convenio=1&localatend=1&idplano=5&pesfis=01&idprofissional=0&target=.horarios--dia--d0&_=1739371223797. La manipulación conduce a una inyección SQL. Es posible iniciar el ataque de forma remota. La actualización a la versión 1.1.1 puede solucionar este problema. Se recomienda actualizar el componente afectado.
References () https://github.com/yago3008/cves - () https://github.com/yago3008/cves - Exploit, Third Party Advisory
References () https://vuldb.com/?ctiid.296691 - () https://vuldb.com/?ctiid.296691 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.296691 - () https://vuldb.com/?id.296691 - Permissions Required, VDB Entry
References () https://vuldb.com/?submit.499875 - () https://vuldb.com/?submit.499875 - Exploit, Third Party Advisory, VDB Entry
CPE cpe:2.3:a:modernasistemas:modernanet:*:*:*:*:*:*:*:*

25 Feb 2025, 00:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-02-25 00:15

Updated : 2026-06-17 08:39


NVD link : CVE-2025-1641

Mitre link : CVE-2025-1641

CVE.ORG link : CVE-2025-1641


JSON object : View

Products Affected

modernasistemas

  • modernanet
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')