PT-2025-8934 · Ciges · Ciges

Published: 2025-02-27 · Updated: 2025-02-27 · CVE-2025-1751

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Ciges version 2.15.5

Description

A SQL Injection issue has been discovered, allowing an attacker to manipulate the database by exploiting the $idServicio parameter in the "/modules/ajaxBloqueaCita.php" endpoint. This enables unauthorized retrieval, creation, update, and deletion of database content.

Recommendations

For Ciges version 2.15.5, consider restricting access to the "/modules/ajaxBloqueaCita.php" endpoint until a fix is available, and avoid using the $idServicio parameter in this endpoint to minimize the risk of exploitation.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2025-1751

Affected Products

Ciges