CVE-2024-48325

{"id": "CVE-2024-48325", "cveTags": [], "metrics": {}, "published": "2024-11-06T23:15:04.367", "references": [{"url": "https://github.com/osvaldotenorio/cve-2024-48325", "source": "cve@mitre.org"}], "vulnStatus": "Received", "descriptions": [{"lang": "en", "value": "Portabilis i-Educar 2.8.0 is vulnerable to SQL Injection in the \"getDocuments\" function of the \"InstituicaoDocumentacaoController\" class. The \"instituicao_id\" parameter in \"/module/Api/InstituicaoDocumentacao?oper=get&resource=getDocuments&instituicao_id\" is not properly sanitized, allowing an unauthenticated remote attacker to inject malicious SQL commands."}], "lastModified": "2024-11-06T23:15:04.367", "sourceIdentifier": "cve@mitre.org"}