Описание
A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/informe_campo_entrevistas.php.
Ссылки
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 2.1.2217.3 (включая) до 4.4.2236.1 (включая)
cpe:2.3:a:tesigandia:gandia_integra_total:*:*:*:*:*:*:*:*
EPSS
Процентиль: 10%
0.00035
Низкий
8.8 High
CVSS3
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 8.8
github
6 месяцев назад
A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/informe_campo_entrevistas.php.
EPSS
Процентиль: 10%
0.00035
Низкий
8.8 High
CVSS3
Дефекты
CWE-89