CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-48761: The specific component in Celk Saude 3.1.252.1 that processes user input and returns error messages to the client is vulnerable due to improper...

Description

The specific component in Celk Saude 3.1.252.1 that processes user input and returns error messages to the client is vulnerable due to improper validation or sanitization of the "erro" parameter. This parameter appears as a response when incorrect credentials are entered during login. The lack of proper validation or sanitization makes the component susceptible to injection attacks, potentially allowing attackers to manipulate the input and exploit the system.

Classification

CVE ID: CVE-2024-48761

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.77% (scored less or equal to compared to others)

EPSS Date: 2025-02-28 (when was this score calculated)

References

https://github.com/gabriel-bri/vulnerability-research/tree/main/CVE-2024-48761

Timeline

2025-01-30 08:58:43 UTC
CVE

The specific component in Celk Saude 3.1.252.1 that processes user input and returns error messages to the client is vulnerable due to improper...