A computer vulnerability in the Generalitat of Catalonia, of at least three of its web pages, reveals 5,000 records with email accounts and passwords

A computer vulnerability in the Generalitat of Catalonia, of at least three of its web pages, reveals 5,000 records with email accounts and passwords, according to Vozpópuli.
The security failure is SQL Injection type, it occurs as a consequence of the development of web or mobile applications without taking the necessary security measures.
The IT service of the Generalitat continues to investigate to detect if there has been data theft or not.
The Generalitat of Catalonia has declared to Vozpópuli: “All the affected websites have been unpublished on Thursday, November 19, in order to correct the vulnerabilities. None of the reported websites is listed as a critical system and, therefore, did not contain critical or sensitive data (personal data, medical data, etc.). An investigation has been opened to determine whether or not there has been an exploitation of a said vulnerability that could have led to an exploitation of said data by third parties. As of today, we cannot conclude if the existence of said vulnerability has led to a cybersecurity incident or not "
The cybersecurity expert and bug hunter, Touseef Gul, was the one who discovered these vulnerabilities and declared: “We are talking about a code inserted in the mentioned websites that were out of date. This could allow a third party to inject other lines of code to take control of certain parts of the web pages ”. The problem is the same that the Vueling company suffered a few months ago.
