Portabilis i-Educar 2.8.0 is vulnerable to SQL Injection in the "getDocuments" function of the "InstituicaoDocumentacaoController" class. The "instituicao_id" parameter in "/module/Api/InstituicaoDocumentacao?oper=get&resource=getDocuments&instituicao_id" is not properly sanitized, allowing an unauthenticated remote attacker to inject malicious SQL commands.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/osvaldotenorio/cve-2024-48325 |
History
Thu, 07 Nov 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Portabilis
Portabilis i-educar |
|
Weaknesses | CWE-89 | |
CPEs | cpe:2.3:a:portabilis:i-educar:*:*:*:*:*:*:*:* | |
Vendors & Products |
Portabilis
Portabilis i-educar |
|
Metrics |
cvssV3_1
|
Wed, 06 Nov 2024 23:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Portabilis i-Educar 2.8.0 is vulnerable to SQL Injection in the "getDocuments" function of the "InstituicaoDocumentacaoController" class. The "instituicao_id" parameter in "/module/Api/InstituicaoDocumentacao?oper=get&resource=getDocuments&instituicao_id" is not properly sanitized, allowing an unauthenticated remote attacker to inject malicious SQL commands. | |
References |
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-11-06T00:00:00
Updated: 2024-11-07T15:10:25.146Z
Reserved: 2024-10-08T00:00:00
Link: CVE-2024-48325
Vulnrichment
Updated: 2024-11-07T15:09:36.895Z
NVD
Status : Awaiting Analysis
Published: 2024-11-06T23:15:04.367
Modified: 2024-11-08T19:01:25.633
Link: CVE-2024-48325
Redhat
No data.