PT-2025-2802 · Unknown · Celk Saude

Published 2025-01-29 · Updated 2025-05-23 · CVE-2024-48761

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Celk Saude version 3.1.252.1
Description: The issue arises from improper validation or sanitization of the erro parameter, which is returned as a response when incorrect credentials are entered during login. This makes the component susceptible to injection attacks, potentially allowing attackers to manipulate the input and exploit the system.
Recommendations: Celk Saude version 3.1.252.1: Update the component that processes user input to properly validate or sanitize the erro parameter to prevent injection attacks. As a temporary workaround, consider restricting the use of the erro parameter in the affected component until a patch is available.

Exploit

Fix

XSS

Command Injection

Weakness Enumeration

Related Identifiers: CVE-2024-48761

Affected Products: Celk Saude