Filtered by vendor Ciges
Subscriptions
Filtered by product Cigesv2
Subscriptions
Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-2728 | 1 Ciges | 1 Cigesv2 | 2024-11-21 | 4.1 Medium |
| Information exposure vulnerability in the CIGESv2 system. This vulnerability could allow a local attacker to intercept traffic due to the lack of proper implementation of the TLS protocol. | ||||
| CVE-2024-2727 | 1 Ciges | 1 Cigesv2 | 2024-11-21 | 6.1 Medium |
| HTML injection vulnerability affecting the CIGESv2 system, which allows an attacker to inject arbitrary code and modify elements of the website and email confirmation message. | ||||
| CVE-2024-2726 | 1 Ciges | 1 Cigesv2 | 2024-11-21 | 6.1 Medium |
| Stored Cross-Site Scripting (Stored-XSS) vulnerability affecting the CIGESv2 system, allowing an attacker to execute and store malicious javascript code in the application form without prior registration. | ||||
| CVE-2024-2725 | 1 Ciges | 1 Cigesv2 | 2024-11-21 | 7.5 High |
| Information exposure vulnerability in the CIGESv2 system. A remote attacker might be able to access /vendor/composer/installed.json and retrieve all installed packages used by the application. | ||||
| CVE-2024-2724 | 1 Ciges | 1 Cigesv2 | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in the CIGESv2 system, through /ajaxServiciosAtencion.php, in the 'idServicio' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query. | ||||
| CVE-2024-2723 | 1 Ciges | 1 Cigesv2 | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in the CIGESv2 system, through /ajaxSubServicios.php, in the 'idServicio' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query. | ||||
| CVE-2024-2722 | 1 Ciges | 1 Cigesv2 | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in the CIGESv2 system, through /ajaxConfigTotem.php, in the 'id' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query. | ||||
| CVE-2024-8161 | 1 Ciges | 1 Cigesv2 | 2024-08-26 | 9.8 Critical |
| SQL injection vulnerability in ATISolutions CIGES affecting versions lower than 2.15.5. This vulnerability allows a remote attacker to send a specially crafted SQL query to the /modules/ajaxServiciosCentro.php point in the idCentro parameter and retrieve all the information stored in the database. | ||||
Page 1 of 1.