Every CVE whose affected-product data names Atisoluciones Ciges, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (7)
CVE-2024-2722 — CVSS 9.8 (critical): SQL injection vulnerability in the CIGESv2 system, through /ajaxConfigTotem.php, in the 'id' parameter. The exploitation of this…
CVE-2024-2723 — CVSS 9.8 (critical): SQL injection vulnerability in the CIGESv2 system, through /ajaxSubServicios.php, in the 'idServicio' parameter. The exploitation of this…
CVE-2024-2724 — CVSS 9.8 (critical): SQL injection vulnerability in the CIGESv2 system, through /ajaxServiciosAtencion.php, in the 'idServicio' parameter. The exploitation of…
CVE-2024-2725 — CVSS 7.5 (high): Information exposure vulnerability in the CIGESv2 system. A remote attacker might be able to access /vendor/composer/installed.json and…
CVE-2024-2726 — CVSS 6.1 (medium): Stored Cross-Site Scripting (Stored-XSS) vulnerability affecting the CIGESv2 system, allowing an attacker to execute and store malicious…
CVE-2024-2727 — CVSS 6.1 (medium): HTML injection vulnerability affecting the CIGESv2 system, which allows an attacker to inject arbitrary code and modify elements of the…
CVE-2024-2728 — CVSS 4.1 (medium): Information exposure vulnerability in the CIGESv2 system. This vulnerability could allow a local attacker to intercept traffic due to the…