CVE-2024-8161

Summary

CVE-2024-8161 is a critical SQL injection vulnerability found in ATISolutions CIGES, affecting versions prior to 2.15.5, which allows remote attackers to execute specially crafted SQL queries via the /modules/ajaxServiciosCentro.php endpoint. This vulnerability can lead to the exposure of sensitive database information, posing high risks to confidentiality and integrity, as well as significant impacts on availability. Affected products include x-PIoo, x-PQNN, x-PxZ-, x-PxZ9, and x-PxZ8, with an exploitability score of 3.9 and a base severity rating of 9.8 according to CVSS v3.1 metrics. To remediate this issue, users are advised to upgrade their CIGES versions to 2.15.5 or higher to mitigate the risk of exploitation. The attack does not require user interaction or special privileges, indicating a low complexity for potential attackers.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.