CVE-2025-41370

Name of the Vulnerable Software and Affected Versions Gandia Integra Total TESI versions 2.1.2217.3 through 4.4.2236.1

Description A SQL injection vulnerability exists in Gandia Integra Total TESI. The vulnerability allows an authenticated attacker to retrieve, create, update, and delete databases. The vulnerability is located in the idestudio parameter within the /encuestas/integraweb/html/view/acceso.php API endpoint.

Recommendations Versions 2.1.2217.3 through 4.4.2236.1 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.