SQL injection vulnerability in Gescen

Posted date 03/05/2024
5 - Critical
Affected Resources

Gescen, 2023 version.


INCIBE has coordinated the publication of a vulnerability of critical severity that affects Gescen version 2023, an educational platform created by the software development team of Centros Digitales, which has been discovered by Alberto Gasulla.

This vulnerability has been assigned the following code, base score CVSS v3.1, CVSS vector and vulnerability type CWE:

  • CVE-2024-4466: 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | CWE-89.

The vulnerability has been fixed in the latest version of the product.


CVE-2024-4466: SQL injection vulnerability in Gescen on the centrosdigitales.net platform. This vulnerability allows an attacker to send a specially crafted SQL query to the pass parameter and retrieve all the data stored in the database.

References list