📦 Winplus
by Iest
🔍 What is Winplus?
Description coming soon...
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
A critical SQL injection vulnerability in WinPlus v24.11.27 allows attackers to execute arbitrary SQL commands via specially crafted POST requests. This enables complete database manipulation includin...
This vulnerability allows unauthenticated attackers to upload dangerous files (like webshells) to WinPlus Portal servers via a specific API endpoint. Attackers can achieve remote code execution and fu...
CVE-2025-41346 is an authorization bypass vulnerability in WinPlus v24.11.27 that allows attackers to impersonate any user by knowing their numerical ID. This affects all users of the vulnerable softw...
A stored Cross-site Scripting (XSS) vulnerability in WinPlus v24.11.27 allows attackers to inject malicious scripts via the 'descripcion' parameter in POST requests. This could enable session cookie t...