exploitDog

CVE-2025-41370

Опубликовано: 01 авг. 2025

Источник: nvd

CVSS3: 8.8

EPSS Низкий

Описание

A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb/html/view/acceso.php.

Ссылки

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-gandia-integra-total-tesi
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tesigandia:gandia_integra_total:*:*:*:*:*:*:*:*

Версия от 2.1.2217.3 (включая) до 4.4.2236.1 (включая)

EPSS

Процентиль: 10%

0.00035

Низкий

8.8 High

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-mvqq-3c4v-862v

CVSS3: 8.8

github

6 месяцев назад

A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb/html/view/acceso.php.

EPSS

Процентиль: 10%

0.00035

Низкий

8.8 High

CVSS3

Дефекты

CWE-89