CVE-2025-41373
published 2025-08-01CVE-2025-41373: A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated…
PriorityP261high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EXPLOIT
EPSS
1.00%
58.4th percentile
A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/hislistadoacciones.php.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tesi | gandia_integra_total | >= 2.1.2217.3 < 4.4.2236.1 | 4.4.2236.1 |
| tesigandia | gandia_integra_total | 2.1.2217.3 – 4.4.2236.1 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Alert on SQL error strings in HTTP responses from the application, including: 'You have an error in your SQL syntax', 'Warning: mysql', 'PDOException', 'Incorrect syntax near', 'SQLSTATE', 'ORA-01756', 'ORA-00933' — these indicate successful injection triggering a database error. ↗
- →Detect time-based blind SQLi attempts by monitoring for anomalously delayed responses (>=3-4 seconds) on the vulnerable endpoint, consistent with SLEEP(4) or WAITFOR DELAY payloads. ↗
- →The exploit sends requests with User-Agent 'sqlmap'; correlate this UA with requests to the vulnerable path as a high-confidence indicator of automated exploitation. ↗
- →The vulnerability is exploitable by authenticated users only; correlate SQLi attempts on this path with valid session cookies to identify compromised or malicious authenticated accounts. ↗
- ·Affected versions span 2.1.2217.3 through 4.4.2236.1; the exploit PoC targets the integraweb_v4 path variant, but the NVD advisory also references the non-v4 path (/encuestas/integraweb/...), so detection rules should cover both path variants. ↗
- ·The exploit PoC uses URL-encoded payloads via curl_easy_escape; detection signatures must decode URL encoding before matching SQL injection patterns in the idestudio parameter. ↗
- ·Affected versions range from 2.1.2217.3 to v4.4.2236.1; ensure version-based detection or patching targets this full range. ↗
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv4.08.7HIGHCVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
2025-08-01
Published