5 matches found
CVE-2025-41346
CVE-2025-41346 pertains to WinPlus v24.11.27 from Informática del Este, where faulty authorization control allows impersonation of another user by simply knowing the numerical ID. The issue affects confidentiality, integrity, and availability of data stored in the application. Connected sources c...
CVE-2025-41348
WinPlus v24.11.27 by Informática del Este is affected by an SQL injection vulnerability. The issue stems from insufficient sanitization in the POST endpoint /WinplusPortal/ws/sWinplus.svc/json/getacumper_post, using parameters val1 and cont, which could enable an attacker to recover, create, upda...
CVE-2025-41347
CVE-2025-41347 affects WinPlus v24.11.27 from Informática del Este. A flaw permits uploading dangerous file types via POST to /WinplusPortal/ws/sWinplus.svc/json/uploadfile, enabling a possible webshell upload. Public records identify the root cause as an unrestricted upload vector. Remediation i...
CVE-2025-41349
CVE-2025-41349 affects WinPlus v24.11.27 by Informática del Este. A Stored XSS flaw arises from insufficient validation of the descripcion parameter sent via POST to the API endpoint /WinplusPortal/ws/sWinplus.svc/json/savesolpla_post, exploitable by a remote attacker against an authenticated use...
CVE-2025-41350
CVE-2025-41350 describes a stored Cross-site Scripting (XSS) in WinPlus v24.11.27 by Informática del Este. The vulnerability arises from insufficient validation of user input in the POST parameter descripcion sent to the API endpoint /WinplusPortal/ws/sWinplus.svc/json/savesoldoc_post . A remote,...