Name of the Vulnerable Software and Affected Versions:

Gandia Integra Total TESI versions 2.1.2217.3 through 4.4.2236.1

Description:

A SQL injection vulnerability exists in Gandia Integra Total TESI. The vulnerability allows an authenticated attacker to retrieve, create, update, and delete databases through the `idestudio` parameter in `/encuestas/integraweb[ v4]/integra/html/view/hislistadoacciones.php`.

Recommendations:

Versions 2.1.2217.3 through 4.4.2236.1 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.