Bryan Romero

**Name of the Vulnerable Software and Affected Versions** esiclivre versions prior to 0.2.3 **Description** A SQL injection flaw exists in the `resetaSenha()` function within the Solicitante class of esiclivre. This allows unauthenticated remote attackers to gain unauthorized access to sensitive information. The issue is triggered through the `cpfcnpj` parameter in the '/reset/index.php' endpoint. **Recommendations** Update esiclivre to version 0.2.3 or later. As a temporary workaround, restrict access to the '/reset/index.php' endpoint. Avoid using the `cpfcnpj` parameter in the affected API endpoint until the issue is resolved.