CVE-2024-8161

Name of the Vulnerable Software and Affected Versions: ATISolutions CIGES versions prior to 2.15.5

Description: The issue is a SQL injection vulnerability that allows a remote attacker to send a specially crafted SQL query to the "/modules/ajaxServiciosCentro.php" endpoint in the idCentro parameter and retrieve all the information stored in the database.

Recommendations: For versions prior to 2.15.5, update to version 2.15.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the "/modules/ajaxServiciosCentro.php" endpoint or validating and sanitizing the idCentro parameter to prevent malicious SQL queries.