Guzmán Fernández

**Name of the Vulnerable Software and Affected Versions** Gestnet version 1.07 **Description** This issue allows an attacker to retrieve, create, update, and delete databases via the `fk remoto central` parameter on the "/webservices/articles.php" endpoint. **Recommendations** For Gestnet version 1.07, as a temporary workaround, consider disabling the `fk remoto central` parameter in the "/webservices/articles.php" endpoint until a patch is available. Restrict access to the "/webservices/articles.php" endpoint to minimize the risk of exploitation. Avoid using the `fk remoto central` parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.