CVE-2025-1640 MEDIUM

CVE-2025-1640: Benner ModernaNet JS_CarregaCombo sql injection

Vendor Benner
Product ModernaNet
Weakness CWE-89 · SQLi
Published February 25, 2025
Last update February 25, 2025
View on NVD All CVEs

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability was found in Benner ModernaNet up to 1.1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /Home/JS_CarregaCombo?formName=DADOS_PESSOAIS_PLANO&additionalCondition=&insideParameters=&elementToReturn=DADOS_PESSOAIS_PLANO&ordenarPelaDescricao=true&direcaoOrdenacao=asc&_=1739290047295. The manipulation leads to sql injection. The attack may be launched remotely. Upgrading to version 1.1.1 is able to address this issue. It is recommended to upgrade the affected component.

Key dates

02Disclosure timeline

February 25, 2025 CVE published
February 25, 2025 Record updated

Related vulnerabilities

04Related CVE

CVE-2024-13070 CodeAstro Online Food Ordering System Update User Page update_users.php sql injection CVE-2023-26015 WordPress MapPress Maps for WordPress Plugin <= 2.85.4 is vulnerable to SQL Injection CVE-2026-4608 ProfileGrid <= 5.9.8.4 - Authenticated (Subscriber+) SQL Injection via 'rid' Parameter CVE-2023-2243 SourceCodester Complaint Management System POST Parameter registration.php sql injection CVE-2022-47430 WordPress The School Management – Education & Learning Management Plugin <= 4.1 is vulnerable to SQL Injection