Óscar Atienza

#9347of 53,633
29.4Total CVSS
Vulnerabilities · 3
Critical
3
PT-2024-21752
9.8
2024-03-22
Cigesv2 · Cigesv2 · CVE-2024-2722
**Name of the Vulnerable Software and Affected Versions** CIGESv2 (affected versions not specified) **Description** The issue is related to a SQL injection vulnerability in the CIGESv2 system. This vulnerability can be exploited through the /ajaxConfigTotem.php endpoint, specifically in the `id` parameter. By sending a specially crafted SQL query, a remote user could potentially retrieve all data stored in the database. **Recommendations** As a temporary workaround, consider restricting access to the /ajaxConfigTotem.php endpoint to minimize the risk of exploitation. Avoid using the `id` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-21762
9.8
2024-03-22
Cigesv2 · Cigesv2 · CVE-2024-2723
**Name of the Vulnerable Software and Affected Versions** CIGESv2 (affected versions not specified) **Description** The issue is related to a SQL injection vulnerability in the CIGESv2 system. This vulnerability can be exploited through the /ajaxSubServicios.php endpoint, specifically in the `idServicio` parameter. By sending a specially crafted SQL query, a remote user could potentially retrieve all data stored in the database. **Recommendations** As a temporary workaround, consider restricting access to the /ajaxSubServicios.php endpoint until a patch is available. Avoid using the `idServicio` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2024-21771
9.8
2024-03-22
Cigesv2 · Cigesv2 · CVE-2024-2724
**Name of the Vulnerable Software and Affected Versions** CIGESv2 (affected versions not specified) **Description** The issue is related to a SQL injection vulnerability in the CIGESv2 system. This vulnerability can be exploited through the /ajaxServiciosAtencion.php endpoint, specifically in the `idServicio` parameter. By sending a specially crafted SQL query, a remote user could retrieve all data stored in the database. **Recommendations** As a temporary workaround, consider restricting access to the /ajaxServiciosAtencion.php endpoint until a patch is available. Avoid using the `idServicio` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.