EUVD-2025-5319

Malicious code in bioql PyPI...

PT-2025-8934 · Ciges · Ciges

Name of the Vulnerable Software and Affected Versions: Ciges version 2.15.5 Description: A SQL Injection vulnerability has been found in Ciges, allowing an attacker to retrieve, create, update, and delete database entries via the $idServicio parameter in the /modules/ajaxBloqueaCita.php endpoint...

Ciges SQL注入漏洞

Ciges is an application from Ciges Inc. A security vulnerability exists in Ciges version 2.15.5. An attacker exploiting this vulnerability can retrieve, create, update, and delete databases via the $idServicio parameter in the /modules/ajaxBloqueaCita.php endpoint...

CVE-2024-2723

SQL injection vulnerability in the CIGESv2 system, through /ajaxSubServicios.php, in the 'idServicio' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query...

CVE-2024-2724

CVE-2024-2724 affects the CIGESv2 system via SQL injection in the /ajaxServiciosAtencion.php endpoint, in the idServicio parameter. A remote attacker could use a crafted SQL query to retrieve all data from the database. Documented impact is data exposure (Confidentiality: HIGH); no exploits are d...

CVE-2024-2723

CVE-2024-2723 is a SQL injection in the CIGESv2 system, exploited via the /ajaxSubServicios.php endpoint’s idServicio parameter. This allows a remote attacker to retrieve all data stored in the database. No exploitation details are provided in the documents. Some sources note no public fix inform...