{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-1641","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-02-24T17:22:11.667Z","datePublished":"2025-02-25T00:00:13.300Z","dateUpdated":"2025-02-25T14:16:48.411Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-02-25T00:00:13.300Z"},"title":"Benner ModernaNet GetHorariosDoDia sql injection","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-89","lang":"en","description":"SQL Injection"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-74","lang":"en","description":"Injection"}]}],"affected":[{"vendor":"Benner","product":"ModernaNet","versions":[{"version":"1.0","status":"affected"},{"version":"1.1","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in Benner ModernaNet up to 1.1.0. It has been classified as critical. This affects an unknown part of the file /AGE0000700/GetHorariosDoDia?idespec=0&idproced=1103&data=2025-02-25+19%3A25&agserv=0&convenio=1&localatend=1&idplano=5&pesfis=01&idprofissional=0&target=.horarios--dia--d0&_=1739371223797. The manipulation leads to sql injection. It is possible to initiate the attack remotely. Upgrading to version 1.1.1 is able to address this issue. It is recommended to upgrade the affected component."},{"lang":"de","value":"Es wurde eine Schwachstelle in Benner ModernaNet bis 1.1.0 ausgemacht. Sie wurde als kritisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock der Datei /AGE0000700/GetHorariosDoDia?idespec=0&idproced=1103&data=2025-02-25+19%3A25&agserv=0&convenio=1&localatend=1&idplano=5&pesfis=01&idprofissional=0&target=.horarios--dia--d0&_=1739371223797. Durch Beeinflussen mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk angegangen werden. Ein Aktualisieren auf die Version 1.1.1 vermag dieses Problem zu lösen. Als bestmögliche Massnahme wird das Einspielen eines Upgrades empfohlen."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":6.9,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":7.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"HIGH"}},{"cvssV3_0":{"version":"3.0","baseScore":7.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"HIGH"}},{"cvssV2_0":{"version":"2.0","baseScore":7.5,"vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P"}}],"timeline":[{"time":"2025-02-24T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-02-24T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-02-24T18:27:33.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"y4g0 (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.296691","name":"VDB-296691 | Benner ModernaNet GetHorariosDoDia sql injection","tags":["vdb-entry"]},{"url":"https://vuldb.com/?ctiid.296691","name":"VDB-296691 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.499875","name":"Submit #499875 | benner modernanet < 1.1.1 sqli","tags":["third-party-advisory"]},{"url":"https://github.com/yago3008/cves","tags":["related"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-02-25T14:16:38.960551Z","id":"CVE-2025-1641","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-02-25T14:16:48.411Z"}}]}}