Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by AES Multimedia
CVE-2025-40671 (GCVE-0-2025-40671)
Vulnerability from cvelistv5 – Published: 2025-05-26 09:08 – Updated: 2025-06-04 09:56
VLAI
Title
SQL injection vulnerability in AES Multimedia's Gestnet
Summary
SQL injection vulnerability in AES Multimedia's Gestnet v1.07. This vulnerability allows an attacker to retrieve, create, update and delete databases via the ‘fk_remoto_central’ parameter on the ‘/webservices/articles.php’ endpoint.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| AES Multimedia | Gestnet |
Affected:
1.07
|
Date Public
2025-05-26 09:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40671",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-27T14:24:03.305000Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T14:24:08.736Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gestnet",
"vendor": "AES Multimedia",
"versions": [
{
"status": "affected",
"version": "1.07"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Guzm\u00e1n Fern\u00e1ndez"
}
],
"datePublic": "2025-05-26T09:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SQL injection vulnerability in AES Multimedia\u0027s Gestnet v1.07. This vulnerability allows an attacker to retrieve, create, update and delete databases via the \u2018fk_remoto_central\u2019 parameter on the \u2018/webservices/articles.php\u2019 endpoint."
}
],
"value": "SQL injection vulnerability in AES Multimedia\u0027s Gestnet v1.07. This vulnerability allows an attacker to retrieve, create, update and delete databases via the \u2018fk_remoto_central\u2019 parameter on the \u2018/webservices/articles.php\u2019 endpoint."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-93",
"description": "CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T09:56:16.212Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-vulnerability-aes-multimedias-gestnet"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The module in which the vulnerability is found has been unused since 2010. Aes-Multimedia\u0027s Gesnet team has proceeded to delete it in the programs that still included it."
}
],
"value": "The module in which the vulnerability is found has been unused since 2010. Aes-Multimedia\u0027s Gesnet team has proceeded to delete it in the programs that still included it."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SQL injection vulnerability in AES Multimedia\u0027s Gestnet",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2025-40671",
"datePublished": "2025-05-26T09:08:05.238Z",
"dateReserved": "2025-04-16T08:38:14.998Z",
"dateUpdated": "2025-06-04T09:56:16.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-40671 (GCVE-0-2025-40671)
Vulnerability from nvd – Published: 2025-05-26 09:08 – Updated: 2025-06-04 09:56
VLAI
Title
SQL injection vulnerability in AES Multimedia's Gestnet
Summary
SQL injection vulnerability in AES Multimedia's Gestnet v1.07. This vulnerability allows an attacker to retrieve, create, update and delete databases via the ‘fk_remoto_central’ parameter on the ‘/webservices/articles.php’ endpoint.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-93 - Improper Neutralization of CRLF Sequences ('CRLF Injection')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| AES Multimedia | Gestnet |
Affected:
1.07
|
Date Public
2025-05-26 09:00
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40671",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-27T14:24:03.305000Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-27T14:24:08.736Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Gestnet",
"vendor": "AES Multimedia",
"versions": [
{
"status": "affected",
"version": "1.07"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Guzm\u00e1n Fern\u00e1ndez"
}
],
"datePublic": "2025-05-26T09:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "SQL injection vulnerability in AES Multimedia\u0027s Gestnet v1.07. This vulnerability allows an attacker to retrieve, create, update and delete databases via the \u2018fk_remoto_central\u2019 parameter on the \u2018/webservices/articles.php\u2019 endpoint."
}
],
"value": "SQL injection vulnerability in AES Multimedia\u0027s Gestnet v1.07. This vulnerability allows an attacker to retrieve, create, update and delete databases via the \u2018fk_remoto_central\u2019 parameter on the \u2018/webservices/articles.php\u2019 endpoint."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-93",
"description": "CWE-93: Improper Neutralization of CRLF Sequences (\u0027CRLF Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-04T09:56:16.212Z",
"orgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"shortName": "INCIBE"
},
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-vulnerability-aes-multimedias-gestnet"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The module in which the vulnerability is found has been unused since 2010. Aes-Multimedia\u0027s Gesnet team has proceeded to delete it in the programs that still included it."
}
],
"value": "The module in which the vulnerability is found has been unused since 2010. Aes-Multimedia\u0027s Gesnet team has proceeded to delete it in the programs that still included it."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SQL injection vulnerability in AES Multimedia\u0027s Gestnet",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "0cbda920-cd7f-484a-8e76-bf7f4b7f4516",
"assignerShortName": "INCIBE",
"cveId": "CVE-2025-40671",
"datePublished": "2025-05-26T09:08:05.238Z",
"dateReserved": "2025-04-16T08:38:14.998Z",
"dateUpdated": "2025-06-04T09:56:16.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}