CVE-2026-30655

Name of the Vulnerable Software and Affected Versions esiclivre versions prior to 0.2.3

Description A SQL injection flaw exists in the resetaSenha() function within the Solicitante class of esiclivre. This allows unauthenticated remote attackers to gain unauthorized access to sensitive information. The issue is triggered through the cpfcnpj parameter in the '/reset/index.php' endpoint.

Recommendations Update esiclivre to version 0.2.3 or later. As a temporary workaround, restrict access to the '/reset/index.php' endpoint. Avoid using the cpfcnpj parameter in the affected API endpoint until the issue is resolved.