CVE-2025-41373

HIGH

Tesigandia Gandia Integra Total < 4.4.2236.1 - SQL Injection

Title source: rule

Description

A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/hislistadoacciones.php.

Exploits (2)

exploitdb WORKING POC

by Byte Reaper · cwebappsmultiple

https://www.exploit-db.com/exploits/52388

View Code ZIP pw:eip

nomisec WORKING POC 1 stars

by byteReaper77 · poc

https://github.com/byteReaper77/CVE-2025-41373

View Code ZIP pw:eip

References (1)

[Third Party Advisory] https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-gandia-integra-total-tesi

Scores

CVSS v3 8.8

EPSS 0.0008

EPSS Percentile 24.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-89

Status published

Products (1)

tesigandia/gandia_integra_total 2.1.2217.3 - 4.4.2236.1

Published Aug 01, 2025

Tracked Since Feb 18, 2026