CVE-2025-41374

HIGH

Gandia Integra Total 2.1.2217.3-4.4.2236.1 - Authenticated SQL Injection via idestudio Parameter

Title source: llm

Description

A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/hislistadoacciones.php.

References (1)

Core 1

Core References

Third Party Advisory

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-gandia-integra-total-tesi

Scores

CVSS v3 8.8

EPSS 0.0054

EPSS Percentile 41.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-89

Status published

Products (1)

tesigandia/gandia_integra_total 2.1.2217.3 - 4.4.2236.1

Published Aug 01, 2025

Tracked Since Feb 18, 2026