Atisolutions · Atisolutions Ciges · CVE-2024-8161
Name of the Vulnerable Software and Affected Versions:
ATISolutions CIGES versions prior to 2.15.5
Description:
The issue is a SQL injection vulnerability that allows a remote attacker to send a specially crafted SQL query to the "/modules/ajaxServiciosCentro.php" endpoint in the `idCentro` parameter and retrieve all the information stored in the database.
Recommendations:
For versions prior to 2.15.5, update to version 2.15.5 or later to resolve the issue.
As a temporary workaround, consider restricting access to the "/modules/ajaxServiciosCentro.php" endpoint or validating and sanitizing the `idCentro` parameter to prevent malicious SQL queries.