
Description

Unrestricted upload vulnerability for dangerous file types on Summar Software's Portal del Empleado. This vulnerability allows an attacker to upload a dangerous file type by sending a POST request using the parameter “cctl00$ContentPlaceHolder1$fuAdjunto” in “/MemberPages/ntf_absentismo.aspx”.

PUBLISHED Reserved 2025-04-16 | Published 2025-09-18 | Updated 2025-09-18 | Assigner INCIBE




MEDIUM: 5.3 | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N

Problem types

CWE-434 Unrestricted Upload of File with Dangerous Type

Product status

Default status: unaffected

3.98.0: affected

Credits

Pedro Gabaldón Juliá finder

Javier Medina Munuera finder

Antonio José Gálvez Sánchez finder

Alejandro Baño Andrés finder

Álvaro Piñero Laorden finder

References

www.incibe.es/...erabilities-summar-software-employee-portal

cve.org (CVE-2025-40678)

nvd.nist.gov (CVE-2025-40678)
