CVE-2025-40698 | Nedatec Prevengos up to 2.44 HTTP POST Request mfsRecuperarListado mpsCentroin/mpsEmpresa/mpsProyecto/mpsContrata sql injection (EUVD-2025-31078)

A vulnerability, which was classified as critical, was found in Nedatec Prevengos up to 2.44. The impacted element is an unknown function of the file /servicios/autorizaciones.asmx/mfsRecuperarListado of the component HTTP POST Request Handler. Such manipulation of the argument mpsCentroin/mpsEmpresa/mpsProyecto/mpsContrata leads to sql injection.

This vulnerability is listed as CVE-2025-40698. The attack may be performed from remote. There is no available exploit.

You should upgrade the affected component.VulDB Recent EntriesRead More