{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-1751", "assignerOrgId": "68e1e1d3-5247-4d65-9f39-ef1a02cf571e", "state": "PUBLISHED", "assignerShortName": "ATIS", "dateReserved": "2025-02-27T11:17:37.585Z", "datePublished": "2025-02-27T12:03:10.610Z", "dateUpdated": "2025-02-27T14:42:34.087Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "CIGES", "vendor": "ATISoluciones", "versions": [{"status": "affected", "version": "2.15.5"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Gonzalo Aguilar Garcia (6h4ack)"}], "datePublic": "2025-02-27T11:40:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div><div>A SQL Injection vulnerability has been found in Ciges 2.15.5 from ATISoluciones. This vulnerability allows an attacker to retrieve, create, update and delete database via $idServicio parameter in /modules/ajaxBloqueaCita.php endpoint.</div></div>"}], "value": "A SQL Injection vulnerability has been found in Ciges 2.15.5 from ATISoluciones. This vulnerability allows an attacker to retrieve, create, update and delete database via $idServicio parameter in /modules/ajaxBloqueaCita.php endpoint."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "68e1e1d3-5247-4d65-9f39-ef1a02cf571e", "shortName": "ATIS", "dateUpdated": "2025-02-27T12:03:10.610Z"}, "references": [{"url": "https://www.atisoluciones.com/incidentes-cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "All functions involved in <code>ajaxBloqueoCita.php</code> are reviewed, and some queries that cause this vulnerability are found. Prepared statements are then implemented in all of them.\n\nA new version of the software, v2.15.6, has been released to address the detected vulnerabilities.\n\n<br>"}], "value": "All functions involved in ajaxBloqueoCita.php are reviewed, and some queries that cause this vulnerability are found. Prepared statements are then implemented in all of them.\n\nA new version of the software, v2.15.6, has been released to address the detected vulnerabilities."}], "source": {"discovery": "EXTERNAL"}, "title": "SQL Injection CIGES", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-27T14:42:22.003408Z", "id": "CVE-2025-1751", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-27T14:42:34.087Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-1751", "assignerOrgId": "68e1e1d3-5247-4d65-9f39-ef1a02cf571e", "state": "PUBLISHED", "assignerShortName": "ATIS", "dateReserved": "2025-02-27T11:17:37.585Z", "datePublished": "2025-02-27T12:03:10.610Z", "dateUpdated": "2025-02-27T14:42:34.087Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "CIGES", "vendor": "ATISoluciones", "versions": [{"status": "affected", "version": "2.15.5"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Gonzalo Aguilar Garcia (6h4ack)"}], "datePublic": "2025-02-27T11:40:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<div><div>A SQL Injection vulnerability has been found in Ciges 2.15.5 from ATISoluciones. This vulnerability allows an attacker to retrieve, create, update and delete database via $idServicio parameter in /modules/ajaxBloqueaCita.php endpoint.</div></div>"}], "value": "A SQL Injection vulnerability has been found in Ciges 2.15.5 from ATISoluciones. This vulnerability allows an attacker to retrieve, create, update and delete database via $idServicio parameter in /modules/ajaxBloqueaCita.php endpoint."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "68e1e1d3-5247-4d65-9f39-ef1a02cf571e", "shortName": "ATIS", "dateUpdated": "2025-02-27T12:03:10.610Z"}, "references": [{"url": "https://www.atisoluciones.com/incidentes-cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "All functions involved in <code>ajaxBloqueoCita.php</code> are reviewed, and some queries that cause this vulnerability are found. Prepared statements are then implemented in all of them.\n\nA new version of the software, v2.15.6, has been released to address the detected vulnerabilities.\n\n<br>"}], "value": "All functions involved in ajaxBloqueoCita.php are reviewed, and some queries that cause this vulnerability are found. Prepared statements are then implemented in all of them.\n\nA new version of the software, v2.15.6, has been released to address the detected vulnerabilities."}], "source": {"discovery": "EXTERNAL"}, "title": "SQL Injection CIGES", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1751", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-27T14:42:22.003408Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-27T14:42:27.698Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A SQL Injection vulnerability has been found in Ciges 2.15.5 from ATISoluciones. This vulnerability allows an attacker to retrieve, create, update and delete database via $idServicio parameter in /modules/ajaxBloqueaCita.php endpoint."}], "id": "CVE-2025-1751", "lastModified": "2025-02-27T12:15:35.030", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "68e1e1d3-5247-4d65-9f39-ef1a02cf571e", "type": "Secondary"}]}, "published": "2025-02-27T12:15:35.030", "references": [{"source": "68e1e1d3-5247-4d65-9f39-ef1a02cf571e", "url": "https://www.atisoluciones.com/incidentes-cve"}], "sourceIdentifier": "68e1e1d3-5247-4d65-9f39-ef1a02cf571e", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "68e1e1d3-5247-4d65-9f39-ef1a02cf571e", "type": "Secondary"}]}

{}