SQL Injection Vulnerability in Gandia Integra Total by TESI
CVE-2025-41373
8.7HIGH
What is CVE-2025-41373?
A SQL injection vulnerability has been identified in Gandia Integra Total, affecting versions from 2.1.2217.3 to 4.4.2236.1. An attacker with valid authentication can exploit this weakness via the 'idestudio' parameter in the file /encuestas/integraweb[_v4]/integra/html/view/hislistadoacciones.php. This allows the attacker to manipulate databases by retrieving, creating, updating, or deleting records, which poses significant risks to data integrity and confidentiality.
Affected Version(s)
Gandia Integra Total 2.1.2217.3 < 4.4.2236.1