Filtered by vendor Atisoluciones
Filtered by product Ciges
Total: 8 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-13596 | 1 Atisoluciones | 1 Ciges | 2025-11-25 | N/A |
| A sensitive information disclosure vulnerability exists in the error handling component of ATISoluciones CIGES Application version 2.15.6 and earlier. When certain unexpected conditions trigger unhandled exceptions, the application returns detailed error messages and stack traces to the client. This may expose internal filesystem paths, SQL queries, database connection details, or environment configuration data to remote unauthenticated attackers. This issue allows information gathering and reconnaissance but does not enable direct system compromise. | ||||
| CVE-2024-2722 | 2 Atisoluciones, Ciges | 2 Ciges, Cigesv2 | 2025-10-15 | 9.8 Critical |
| SQL injection vulnerability in the CIGESv2 system, through /ajaxConfigTotem.php, in the 'id' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query. | ||||
| CVE-2024-2723 | 2 Atisoluciones, Ciges | 2 Ciges, Cigesv2 | 2025-10-15 | 9.8 Critical |
| SQL injection vulnerability in the CIGESv2 system, through /ajaxSubServicios.php, in the 'idServicio' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query. | ||||
| CVE-2024-2724 | 2 Atisoluciones, Ciges | 2 Ciges, Cigesv2 | 2025-10-15 | 9.8 Critical |
| SQL injection vulnerability in the CIGESv2 system, through /ajaxServiciosAtencion.php, in the 'idServicio' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query. | ||||
| CVE-2024-2725 | 2 Atisoluciones, Ciges | 2 Ciges, Cigesv2 | 2025-10-15 | 7.5 High |
| Information exposure vulnerability in the CIGESv2 system. A remote attacker might be able to access /vendor/composer/installed.json and retrieve all installed packages used by the application. | ||||
| CVE-2024-2726 | 2 Atisoluciones, Ciges | 2 Ciges, Cigesv2 | 2025-10-15 | 6.1 Medium |
| Stored Cross-Site Scripting (Stored-XSS) vulnerability affecting the CIGESv2 system, allowing an attacker to execute and store malicious JavaScript code in the application form without prior registration. | ||||
| CVE-2024-2727 | 2 Atisoluciones, Ciges | 2 Ciges, Cigesv2 | 2025-10-15 | 6.1 Medium |
| HTML injection vulnerability affecting the CIGESv2 system, which allows an attacker to inject arbitrary code and modify elements of the website and email confirmation message. | ||||
| CVE-2024-2728 | 2 Atisoluciones, Ciges | 2 Ciges, Cigesv2 | 2025-10-15 | 4.1 Medium |
| Information exposure vulnerability in the CIGESv2 system. This vulnerability could allow a local attacker to intercept traffic due to the lack of proper implementation of the TLS protocol. | ||||