CVE-2024-370

Name of the Vulnerable Software and Affected Versions: OpenGnsys version 1.1.1d (Espeto)

Description: A SQL Injection issue has been discovered, allowing an attacker to inject malicious SQL code into the login page. This could enable the attacker to bypass the login or retrieve all the information stored in the database.

Recommendations: For OpenGnsys version 1.1.1d (Espeto), consider temporarily restricting access to the login page until a patch is available. As a mitigation measure, avoid using the login functionality with untrusted input to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.