CVE-2024-2722

9.8 CRITICAL

📋 TL;DR

This SQL injection vulnerability in the CIGESv2 system allows remote attackers to execute arbitrary SQL commands through the 'id' parameter in /ajaxConfigTotem.php. Successful exploitation could lead to complete database compromise, exposing all stored data. Organizations using CIGESv2 systems are affected.

💻 Affected Systems

Products:
  • CIGESv2
Versions: All versions prior to patch
Operating Systems: Any OS running CIGESv2
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in default configuration through the ajaxConfigTotem.php endpoint.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database compromise leading to data theft, data manipulation, or system takeover via SQL injection used to execute arbitrary commands.

🟠 Likely Case

Unauthorized access to sensitive database information including user credentials, personal data, and system configuration.

🟢 If Mitigated

Limited data exposure if proper input validation and database permissions are enforced.

🌐 Internet-Facing: HIGH
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

SQL injection vulnerabilities are commonly weaponized and this appears to be a straightforward parameter injection.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched version

Vendor Advisory: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cigesv2-system

Restart Required: Yes

Instructions:

1. Review vendor advisory at provided URL
2. Apply recommended patches from vendor
3. Restart affected services
4. Verify fix implementation

🔧 Temporary Workarounds

Input Validation Filter (all)

Implement strict input validation for the 'id' parameter so that it only accepts expected values.

Modify ajaxConfigTotem.php to handle the 'id' parameter using prepared statements or whitelist validation.

Web Application Firewall Rules (all)

Deploy WAF rules to block SQL injection patterns targeting the vulnerable endpoint.

Configure the WAF to block requests containing SQL keywords in the 'id' parameter.
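The following is an added illustration of the two fixes named above (whitelist validation of 'id' plus a bound parameter), written in Python against an in-memory SQLite table so it runs offline; it is not CIGESv2 code, and the table name `totem_config`, its columns and the sample rows are constructed assumptions. The unsafe lookup is included only to show, side by side, why concatenation lets the page's "OR 1=1" pattern return every row while the bound version treats the same string as data.

```python
import re
import sqlite3

def make_demo_db():
    """Constructed stand-in for the totem configuration table (names are assumptions)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE totem_config (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO totem_config VALUES (?, ?, ?)",
        [(1, "lobby", "s1"), (2, "entrance", "s2"), (3, "parking", "s3")],
    )
    return conn

# Whitelist: 'id' must be a positive decimal integer with no leading zero, at most 10 digits.
ID_RE = re.compile(r"^[1-9][0-9]{0,9}$")

def validate_id(raw):
    """Return the integer id, or None when the raw request value is not an acceptable id."""
    if raw is None or not ID_RE.fullmatch(raw):
        return None
    return int(raw)

def lookup_unsafe(conn, raw_id):
    """The defect the advisory describes: untrusted input concatenated into the SQL text.
    Kept here only as the 'before' for comparison; never ship this."""
    return conn.execute("SELECT id, name FROM totem_config WHERE id = " + raw_id).fetchall()

def lookup_safe(conn, raw_id):
    """Validate first, then bind: the value reaches the database engine as data, never as SQL.
    Returns None for a rejected input so the endpoint can answer HTTP 400."""
    id_value = validate_id(raw_id)
    if id_value is None:
        return None
    return conn.execute(
        "SELECT id, name FROM totem_config WHERE id = ?", (id_value,)
    ).fetchall()

if __name__ == "__main__":
    db = make_demo_db()
    print("safe, normal id   :", lookup_safe(db, "2"))
    print("safe, tampered id :", lookup_safe(db, "1 OR 1=1"))
    print("unsafe, tampered  :", lookup_unsafe(db, "1 OR 1=1"))
```

In PHP the bound-parameter half of the fix is `PDO::prepare` with `bindValue`/`execute`; the whitelist half is the same regular expression applied before the query is built. Rejecting non-matching input outright (rather than "cleaning" it) also makes the 400 responses an easy log indicator.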

🧯 If You Can't Patch

  • Implement network segmentation to restrict access to vulnerable endpoint
  • Deploy database monitoring to detect unusual SQL queries

🔍 How to Verify

Check if Vulnerable:

Test the /ajaxConfigTotem.php endpoint with SQL injection payloads in the 'id' parameter

Check Version:

Check CIGESv2 version through system administration interface or configuration files

Verify Fix Applied:

Verify that SQL injection attempts no longer succeed and that prepared statements are implemented

📡 Detection & Monitoring

Log Indicators:

  • Unusual SQL queries in database logs
  • Multiple failed login attempts from single IP
  • Requests to ajaxConfigTotem.php with SQL keywords in parameters

Network Indicators:

  • Unusual traffic patterns to ajaxConfigTotem.php endpoint
  • SQL error messages in HTTP responses

SIEM Query:

source="web_logs" AND url="/ajaxConfigTotem.php" AND param="id" AND (value CONTAINS "UNION" OR value CONTAINS "SELECT" OR value CONTAINS "OR 1=1")
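As an added example (not part of the original advisory), here is the same detection logic applied to a few constructed access-log lines in Python, so it can be tested against a sample before the SIEM rule goes live. The endpoint path and the three keywords come from the page; the log lines, IP addresses and timestamps are constructed. Two details matter in practice and are shown here: the query parameter must be URL-decoded before keyword matching, and the match must be case-insensitive, otherwise `id=12%20OR%201%3D1` or a lower-case `union` slips past a rule that compares raw text.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in common log format; not real CIGESv2 traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2024:10:01:02 +0000] "GET /ajaxConfigTotem.php?id=12 HTTP/1.1" 200 512
10.0.0.9 - - [12/Mar/2024:10:01:07 +0000] "GET /ajaxConfigTotem.php?id=12%20OR%201%3D1 HTTP/1.1" 200 4096
10.0.0.9 - - [12/Mar/2024:10:01:09 +0000] "GET /ajaxConfigTotem.php?id=1%20union%20select%201,2 HTTP/1.1" 500 233
10.0.0.7 - - [12/Mar/2024:10:02:00 +0000] "GET /index.php?id=1%20OR%201%3D1 HTTP/1.1" 200 900
10.0.0.5 - - [12/Mar/2024:10:02:30 +0000] "POST /ajaxConfigTotem.php HTTP/1.1" 200 100
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

# The three indicators from the SIEM query, matched case-insensitively on decoded values.
SQL_PATTERNS = [
    re.compile(p, re.IGNORECASE)
    for p in (r"\bUNION\b", r"\bSELECT\b", r"\bOR\s+1\s*=\s*1\b")
]

TARGET_PATH = "/ajaxConfigTotem.php"

def parse_line(line):
    """Split one log line into fields; query parameters are URL-decoded by parse_qs."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    rec["params"] = parse_qs(parts.query, keep_blank_values=True)
    return rec

def find_sqli_hits(log_text):
    """Return one record per request to the vulnerable endpoint whose 'id' value
    matches any of the SQL_PATTERNS (the logic of the SIEM query above)."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["path"] != TARGET_PATH:
            continue
        for value in rec["params"].get("id", []):
            matched = [p.pattern for p in SQL_PATTERNS if p.search(value)]
            if matched:
                hits.append({
                    "ip": rec["ip"], "ts": rec["ts"], "status": rec["status"],
                    "id": value, "patterns": matched,
                })
    return hits

if __name__ == "__main__":
    for hit in find_sqli_hits(SAMPLE_LOG):
        print(hit)
```

The fourth sample line carries the same payload against a different path and is deliberately not reported, matching the page's query scope; widen `TARGET_PATH` to a set of paths if other endpoints are in scope. The HTTP 500 on the third line is the "SQL error messages in HTTP responses" indicator from the Network Indicators list surfacing in the access log.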
