SQL Injection Vulnerability in CIGESv2 System Could Allow Remote User to Retrieve All Data Stored in Database
CVE-2024-2723

9.8CRITICAL

Key Information:

Vendor: Ciges
Status: Cigesv2
Vendor: CVE Published:; 22 March 2024

What is CVE-2024-2723?

The CIGESv2 system has a SQL injection vulnerability located in the /ajaxSubServicios.php script. This vulnerability arises from improper validation of the 'idServicio' parameter, allowing attackers to execute arbitrary SQL queries against the database. Successful exploitation could permit unauthorized access to sensitive data, enabling attackers to retrieve comprehensive information stored within the database. Organizations utilizing the CIGESv2 system should apply recommended security patches and implement robust input validation measures to mitigate this risk.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

CIGESv2 CIGESv2

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multip...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 22, 2024
Vulnerability Reserved
Mar 20, 2024

Credit

Óscar Atienza

JSON

Ciges

What is CVE-2024-2723?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.