Name of the Vulnerable Software and Affected Versions:

Gandia Integra Total TESI versions 2.1.2217.3 through 4.4.2236.1

Description:

A SQL injection vulnerability exists in Gandia Integra Total TESI. The vulnerability allows an authenticated attacker to retrieve, create, update, and delete databases. The vulnerability is located in the `idestudio` parameter within the `/encuestas/integraweb/html/view/acceso.php` API endpoint.

Recommendations:

Versions 2.1.2217.3 through 4.4.2236.1 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.