CVE-2025-1751

Published Feb 27, 2025

Last updated a month ago

CVSS critical 9.8

Overview

Description
A SQL Injection vulnerability has been found in Ciges 2.15.5 from ATISoluciones. This vulnerability allows an attacker to retrieve, create, update and delete database via $idServicio parameter in /modules/ajaxBloqueaCita.php endpoint.
Source
68e1e1d3-5247-4d65-9f39-ef1a02cf571e
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.8
Impact score
5.9
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

68e1e1d3-5247-4d65-9f39-ef1a02cf571e
CWE-89

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2025-1751 ⚠️🔴 CRITICAL (9.8) 🏢 ATISoluciones - CIGES 🏗️ 2.15.5 🔗 https://t.co/j9z4QspKRl #CyberCron #VulnAlert https://t.co/xxCrHyetgX

    @cybercronai

    27 Feb 2025

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. [CVE-2025-1751: CRITICAL] SQL Injection vulnerability discovered in Ciges 2.15.5 by ATISoluciones allows unauthorized database access via $idServicio parameter in /modules/ajaxBloqueaCita.php endpoint.#cybersecurity,#vulnerability https://t.co/BIS8My1FU6 https://t.co/I9A3HL4Tww

    @CveFindCom

    27 Feb 2025

    26 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References