Ellevo · Ellevo · CVE-2024-42760
**Name of the Vulnerable Software and Affected Versions**
Ellevo version 6.2.0.38160
**Description**
The issue allows a remote attacker to obtain sensitive information via the "/api/mob/instrucao/conta/destinatarios" component. This is a SQL Injection vulnerability, which can lead to unauthorized data access.
**Recommendations**
For Ellevo version 6.2.0.38160, patch immediately to fix the SQL Injection vulnerability and monitor for signs of compromise. As a temporary workaround, consider restricting access to the "/api/mob/instrucao/conta/destinatarios" component until a patch is available.