Sinturno
Monthly
A SQL injection vulnerability exists in Sinturno that allows unauthenticated or low-privileged attackers to execute arbitrary SQL commands through the 'client' parameter in the '/_adm/scripts/modalReport_data.php' endpoint. This vulnerability enables complete database compromise including retrieval, creation, updating, and deletion of database objects. The vulnerability was reported by INCIBE and affects all versions of Sinturno; no CVSS score, EPSS data, or KEV status has been published, but the ability to perform CRUD operations on databases represents critical severity regardless of formal scoring.
A SQL injection vulnerability exists in Sinturno that allows unauthenticated or low-privileged attackers to execute arbitrary SQL commands through the 'client' parameter in the '/_adm/scripts/modalReport_data.php' endpoint. This vulnerability enables complete database compromise including retrieval, creation, updating, and deletion of database objects. The vulnerability was reported by INCIBE and affects all versions of Sinturno; no CVSS score, EPSS data, or KEV status has been published, but the ability to perform CRUD operations on databases represents critical severity regardless of formal scoring.