CVE-2025-41376

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Gandia Integra Total versions 2.1.2217.3 through 4.4.2236.1

Description A SQL injection issue exists in Gandia Integra Total. An authenticated attacker can retrieve, create, update, and delete databases through the idestudio parameter in the /encuestas/integraweb[ v4]/integra/html/view/consultacuotasred.php API endpoint.

Recommendations Versions prior to 2.1.2217.3 are recommended. Versions between 2.1.2217.3 and 4.4.2236.1 are recommended to be updated.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89CWE-93

Related Identifiers

CVE-2025-41376

Affected Products

Gandia Integra Total

CVE-2025-41376

Weakness Enumeration

Related Identifiers

Affected Products

References · 6