The CIGESv2 system is currently plagued by a critical SQL injection vulnerability, situated within the ‘/ajaxConfigTotem.php’ endpoint and targeting the ‘id’ parameter. This vulnerability perpetuates a substantial risk, as it facilitates a remote user’s ability to execute specially crafted SQL queries, thereby granting access to retrieve all data stored in the database. The severity of this vulnerability is accentuated by the high base score of 9.8, categorized as critical, necessitating urgent action to mitigate the potential exploitation and safeguard the integrity of the system’s data. Organizations and individuals are advised to promptly access the provided advisory from the Spanish National Cybersecurity Institute, S.A. (INCIBE) to obtain detailed information on this security vulnerability and actionable guidance for remediation.
Immediate action is imperative to address and mitigate this vulnerability effectively. Organizations utilizing CIGESv2 are strongly advised to implement the necessary security measures promptly to prevent potential exploitation of this vulnerability. For detailed information on this security risk and guidance for remediation, users are encouraged to refer to the advisory provided by the Spanish National Cybersecurity Institute, S.A. (INCIBE).
