CVE-2019-25159

Name of the Vulnerable Software and Affected Versions mpedraza2020 Intranet del Monterroso versions up to 4.50.0

Description A critical issue was found in the file config/cargos.php, where the manipulation of the dni profe argument leads to sql injection. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited.

Recommendations For versions up to 4.50.0, upgrade to version 4.51.0 to address this issue. As a temporary workaround, consider restricting access to the vulnerable file config/cargos.php until the upgrade is applied. Avoid using the dni profe argument in the affected component until the issue is resolved.