Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

ciges

Source -

ADP

BOS Name -

N/A

CNA CVEs -

0

ADP CVEs -

4

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
4Vulnerabilities found
CVE-2024-8161
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.8||CRITICAL
EPSS-0.19% / 41.53%
||
7 Day CHG~0.00%
Published-26 Aug, 2024 | 08:46
Updated-26 Aug, 2024 | 15:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection vulnerability in CIGESv2 system

SQL injection vulnerability in ATISolutions CIGES affecting versions lower than 2.15.5. This vulnerability allows a remote attacker to send a specially crafted SQL query to the /modules/ajaxServiciosCentro.php point in the idCentro parameter and retrieve all the information stored in the database.

Action-Not Available
Vendor-CIGESciges
Product-CIGESv2cigesv2
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2724
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.8||CRITICAL
EPSS-0.25% / 47.89%
||
7 Day CHG~0.00%
Published-22 Mar, 2024 | 13:34
Updated-01 Aug, 2024 | 19:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection vulnerability in the CIGESv2 system

SQL injection vulnerability in the CIGESv2 system, through /ajaxServiciosAtencion.php, in the 'idServicio' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query.

Action-Not Available
Vendor-Cigesciges
Product-CIGESv2ciges
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2723
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.8||CRITICAL
EPSS-0.25% / 47.89%
||
7 Day CHG~0.00%
Published-22 Mar, 2024 | 13:34
Updated-13 Aug, 2024 | 13:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection vulnerability in the CIGESv2 system

SQL injection vulnerability in the CIGESv2 system, through /ajaxSubServicios.php, in the 'idServicio' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query.

Action-Not Available
Vendor-Cigesciges
Product-CIGESv2ciges
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-2722
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-9.8||CRITICAL
EPSS-0.48% / 64.28%
||
7 Day CHG~0.00%
Published-22 Mar, 2024 | 13:33
Updated-13 Aug, 2024 | 13:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL injection vulnerability in the CIGESv2 system

SQL injection vulnerability in the CIGESv2 system, through /ajaxConfigTotem.php, in the 'id' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query.

Action-Not Available
Vendor-Cigesciges
Product-CIGESv2ciges
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')