CVE-2024-3704

SQL Injection Vulnerability has been found on OpenGnsys product affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to inject malicious SQL code into login page to bypass it or even retrieve all the information stored in the database.

CVSS v3 9.8 CRITICAL

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://opengnsys.es/web/parche-de-seguridad-cve-2024-370x	Vendor Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-opengnsys	Third Party Advisory
https://opengnsys.es/web/parche-de-seguridad-cve-2024-370x	Vendor Advisory
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-opengnsys	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:opengnsys:opengnsys:1.1.1d:*:*:*:*:*:*:*

History

04 Nov 2025, 18:33

Type	Values Removed	Values Added
First Time		Opengnsys Opengnsys opengnsys
CPE		cpe:2.3:a:opengnsys:opengnsys:1.1.1d:::::::*
References	~~() https://opengnsys.es/web/parche-de-seguridad-cve-2024-370x -~~	() https://opengnsys.es/web/parche-de-seguridad-cve-2024-370x - Vendor Advisory
References	~~() https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-opengnsys -~~	() https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-opengnsys - Third Party Advisory

Information

Published : 2024-04-12 14:15

Updated : 2025-11-04 18:33

NVD link : CVE-2024-3704

Mitre link : CVE-2024-3704

CVE.ORG link : CVE-2024-3704

JSON object : View

Products Affected

opengnsys

opengnsys

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2024-3704", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cve-coordination@incibe.es", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2024-04-12T14:15:08.743", "references": [{"url": "https://opengnsys.es/web/parche-de-seguridad-cve-2024-370x", "tags": ["Vendor Advisory"], "source": "cve-coordination@incibe.es"}, {"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-opengnsys", "tags": ["Third Party Advisory"], "source": "cve-coordination@incibe.es"}, {"url": "https://opengnsys.es/web/parche-de-seguridad-cve-2024-370x", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-opengnsys", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "cve-coordination@incibe.es", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "SQL Injection Vulnerability has been found on OpenGnsys product affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to inject malicious SQL code into login page to bypass it or even retrieve all the information stored in the database."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad de inyecci\u00f3n SQL en el producto OpenGnsys que afecta la versi\u00f3n 1.1.1d (Espeto). Esta vulnerabilidad permite a un atacante inyectar c\u00f3digo SQL malicioso en la p\u00e1gina de inicio de sesi\u00f3n para evitarla o incluso recuperar toda la informaci\u00f3n almacenada en la base de datos."}], "lastModified": "2025-11-04T18:33:49.640", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:opengnsys:opengnsys:1.1.1d:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "01BCA877-074D-4F9B-B82F-6D23F111F9C6"}], "operator": "OR"}]}], "sourceIdentifier": "cve-coordination@incibe.es"}