Lucene search
K

8 matches found

CVE
CVE
added 2025/10/29 10:51 a.m.8 views

CVE-2025-12461

CVE-2025-12461 affects Grupo Castilla Epsilon RH. The issue allows an attacker to access the unprotected path …/epsilonnet/License/About.aspx and disclose license details and product configuration, including installed modules. The root cause is lack of access control on that path. Impact is infor...

6.9CVSS6.2AI score0.00278EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/29 10:51 a.m.6 views

CVE-2025-12461 Unprotected access to parts of the application in Epsilon RH by Grupo Castilla

This vulnerability allows an attacker to access parts of the application that are not protected by any type of access control. The attacker could access this path ‘…/epsilonnet/License/About.aspx’ and obtain information on both the licence and the configuration of the product by knowing which...

6.9CVSS0.00278EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/10/29 10:51 a.m.2 views

CVE-2025-12461 Unprotected access to parts of the application in Epsilon RH by Grupo Castilla

This vulnerability allows an attacker to access parts of the application that are not protected by any type of access control. The attacker could access this path ‘…/epsilonnet/License/About.aspx’ and obtain information on both the licence and the configuration of the product by knowing which...

6.9CVSS6.2AI score0.00278EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/10/21 9:25 a.m.11 views

CVE-2025-41028

A SQL Injection vulnerability has been found in Epsilon RH by Grupo Castilla. This vulnerability allows an attacker to retrieve, create, update and delete database via sending a POST request using the parameter ‘sEstadoUsr’ in ‘/epsilonnetws/WSAvisos.asmx’...

9.3CVSS7.9AI score0.00429EPSS
Exploits0References1
NVD
NVD
added 2025/10/20 9:15 a.m.6 views

CVE-2025-41028

A SQL Injection vulnerability has been found in Epsilon RH by Grupo Castilla. This vulnerability allows an attacker to retrieve, create, update and delete database via sending a POST request using the parameter ‘sEstadoUsr’ in ‘/epsilonnetws/WSAvisos.asmx’...

9.3CVSS0.00429EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/10/20 9:0 a.m.10 views

CVE-2025-41028 SQL injection in Epsilon RH

A SQL Injection vulnerability has been found in Epsilon RH by Grupo Castilla. This vulnerability allows an attacker to retrieve, create, update and delete database via sending a POST request using the parameter ‘sEstadoUsr’ in ‘/epsilonnetws/WSAvisos.asmx’...

9.3CVSS0.00429EPSS
Exploits0References1
CVE
CVE
added 2025/10/20 9:0 a.m.11 views

CVE-2025-41028

CVE-2025-41028 affects the Epsilon RH software from Grupo Castilla. The vulnerability is a SQL Injection that allows an attacker to retrieve, create, update, and delete data by sending a POST request that uses the parameter sEstadoUsr in the endpoint /epsilonnetws/WSAvisos.asmx . This is document...

9.3CVSS7.5AI score0.00429EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/20 12:0 a.m.3 views

Grupo Castilla Epsilon RH 安全漏洞

Grupo Castilla Epsilon RH is a human resource management software from the Spanish company Grupo Castilla. A security vulnerability exists in Grupo Castilla Epsilon RH, which stems from incorrect manipulation of the parameter sEstadoUsr in the file /epsilonnetws/WSAvisos.asmx, which could lead to...

9.3CVSS7.5AI score0.00429EPSS
Exploits0References1
Rows per page
Query Builder