{"vulnerability": "CVE-2024-48761", "sightings": [{"uuid": "13a903a2-24bd-42f3-a1f3-b0c9d051bfec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-48761", "type": "seen", "source": "https://bsky.app/profile/cve-notifications.bsky.social/post/3lgvynt5vnm2j", "content": "", "creation_timestamp": "2025-01-29T22:16:02.411907Z"}, {"uuid": "533221d3-7014-4ccb-9ed3-51cb6f581ff9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-48761", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lgwjwrliwc2e", "content": "", "creation_timestamp": "2025-01-30T03:25:16.422459Z"}, {"uuid": "fde2b4fa-ac84-4d31-94b5-839162474b26", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-48761", "type": "seen", "source": "https://infosec.exchange/users/cve/statuses/113913850961492595", "content": "", "creation_timestamp": "2025-01-29T21:50:23.682585Z"}, {"uuid": "01fa8570-2de3-4451-8ba4-6ecbebe93b1b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-48761", "type": "seen", "source": "MISP/ca7dfd4e-d0b5-4d10-8982-36d9f6e53c8e", "content": "", "creation_timestamp": "2025-09-01T13:53:38.000000Z"}, {"uuid": "21c2d8e3-a52f-4d2c-a4ad-9590ff37575f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-48761", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/3429", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-48761\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: The specific component in Celk Saude 3.1.252.1 that processes user input and returns error messages to the client is vulnerable due to improper validation or sanitization of the \"erro\" parameter. This parameter appears as a response when incorrect credentials are entered during login. The lack of proper validation or sanitization makes the component susceptible to injection attacks, potentially allowing attackers to manipulate the input and exploit the system.\n\ud83d\udccf Published: 2025-01-30T00:31:03Z\n\ud83d\udccf Modified: 2025-01-30T00:31:03Z\n\ud83d\udd17 References:\n1. https://nvd.nist.gov/vuln/detail/CVE-2024-48761\n2. https://github.com/gabriel-bri/vulnerability-research/tree/main/CVE-2024-48761", "creation_timestamp": "2025-01-30T01:12:10.000000Z"}, {"uuid": "be14e70e-e4c8-46dd-ad36-5351c174b0a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-48761", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/7944", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2024-48761\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Reflected XSS vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows a remote attacker to inject arbitrary JavaScript code via the \"erro\" parameter.\n\ud83d\udccf Published: 2025-01-29T00:00:00.000Z\n\ud83d\udccf Modified: 2025-03-18T16:59:20.618Z\n\ud83d\udd17 References:\n1. https://github.com/gabriel-bri/vulnerability-research/tree/main/CVE-2024-48761", "creation_timestamp": "2025-03-18T17:48:39.000000Z"}, {"uuid": "ac242795-c215-4ac6-8218-33ac93eead64", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-48761", "type": "seen", "source": "https://t.me/cvedetector/16724", "content": "{\n  \"Source\": \"CVE FEED\",\n  \"Title\": \"CVE-2024-48761 - Celk Saude SQL Injection\", \n  \"Content\": \"CVE ID : CVE-2024-48761 \nPublished : Jan. 29, 2025, 10:15 p.m. | 2\u00a0hours, 11\u00a0minutes ago \nDescription : The specific component in Celk Saude 3.1.252.1 that processes user input and returns error messages to the client is vulnerable due to improper validation or sanitization of the \"erro\" parameter. This parameter appears as a response when incorrect credentials are entered during login. The lack of proper validation or sanitization makes the component susceptible to injection attacks, potentially allowing attackers to manipulate the input and exploit the system. \nSeverity: 0.0 | NA \nVisit the link for more details, such as CVSS details, affected products, timeline, and more...\",\n  \"Detection Date\": \"30 Jan 2025\",\n  \"Type\": \"Vulnerability\"\n}\n\ud83d\udd39 t.me/cvedetector \ud83d\udd39", "creation_timestamp": "2025-01-30T01:43:34.000000Z"}]}