PT-2024-27255 · Espeto · Opengnsys

Antonio José Gálvez Sánchez +2 · Published 2024-04-12 · Updated 2025-11-04 · CVE-2024-3704

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: OpenGnsys version 1.1.1d (Espeto)

Description: A SQL Injection issue has been discovered, allowing an attacker to inject malicious SQL code into the login page. This could enable the attacker to bypass the login or retrieve all the information stored in the database.

Recommendations: For OpenGnsys version 1.1.1d (Espeto), as a temporary workaround, consider restricting access to the login page until a patch is available. Avoid using the login functionality with untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2024-3704

Affected Products: Opengnsys