CVE-2024-48325
Nov. 6, 2024, 11:15 p.m.
Tags
Product(s) Impacted
Portabilis i-Educar
- 2.8.0
Description
Portabilis i-Educar 2.8.0 is vulnerable to SQL Injection in the "getDocuments" function of the "InstituicaoDocumentacaoController" class. The "instituicao_id" parameter in "/module/Api/InstituicaoDocumentacao?oper=get&resource=getDocuments&instituicao_id" is not properly sanitized, allowing an unauthenticated remote attacker to inject malicious SQL commands.
Weaknesses
Date
Published: Nov. 6, 2024, 11:15 p.m.
Last Modified: Nov. 6, 2024, 11:15 p.m.
Status : Received
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
cve@mitre.org