Fgimenesp

**Name of the Vulnerable Software and Affected Versions** OcoMon version 4.0 **Description** A SQL injection issue was found in OcoMon via the `cod` parameter at the "download.php" endpoint. This allows for potential exploitation. **Recommendations** For OcoMon version 4.0, consider restricting access to the "download.php" endpoint until a patch is available. As a temporary workaround, avoid using the `cod` parameter in the affected endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** OcoMon version 4.0 **Description** A SQL injection issue was discovered in OcoMon via the `cod` parameter at the "showImg.php" endpoint. This allows for potential exploitation of the database. **Recommendations** For OcoMon version 4.0, consider restricting access to the "showImg.php" endpoint until a patch is available. As a temporary workaround, avoid using the `cod` parameter in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.