SQL injection vulnerability in Gescen
Posted date 03/05/2024
Identifier
INCIBE-2024-0223
Importance
5 - Critical
Affected Resources
Gescen, 2023 version.
Description
INCIBE has coordinated the publication of a critical-severity vulnerability, discovered by Alberto Gasulla, that affects Gescen version 2023, an educational platform created by the software development team of Centros Digitales.
This vulnerability has been assigned the following code, CVSS v3.1 base score, CVSS vector and CWE vulnerability type:
- CVE-2024-4466: 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | CWE-89.
Solution
The vulnerability has been fixed in the latest version of the product.
Detail
CVE-2024-4466: SQL injection vulnerability in Gescen on the centrosdigitales.net platform. This vulnerability allows an attacker to send a specially crafted SQL query to the pass parameter and retrieve all the data stored in the database.