SQL Injection Vulnerability in Benner ModernaNet Up to Version 1.1.0
CVE-2025-1640

7.3HIGH

Key Information:

Vendor: Benner
Status: ModernaNet
Vendor: CVE Published:; 25 February 2025

Summary

A vulnerability exists in Benner ModernaNet affecting versions up to 1.1.0, where an SQL injection flaw in an unknown functionality can be exploited by remote attackers. The issue arises from the manipulation of the endpoint /Home/JS_CarregaCombo, allowing unauthorized access to sensitive data. Users are advised to upgrade to version 1.1.1 to secure their systems against this risk.

References

https://github.com/yago3008/CVES

https://vuldb.com/?ctiid.296690

https://vuldb.com/?id.296690

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 25, 2025