Tesi Gandia Integra Total vulnerabilities
7 known vulnerabilities affecting tesi/gandia_integra_total.
Total CVEs
7
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH6MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2025-41373P2HIGHCVSS 8.8PoC≥ 2.1.2217.3, < 4.4.2236.12025-08-01
CVE-2025-41373 [HIGH] CWE-89 CVE-2025-41373: A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3
A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/hislistadoacciones.php.
nvd
CVE-2025-41370P3HIGHCVSS 8.8≥ 2.1.2217.3, < 4.4.2236.12025-08-01
CVE-2025-41370 [HIGH] CWE-89 CVE-2025-41370: A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3
A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb/html/view/acceso.php.
nvd
CVE-2025-41371P3HIGHCVSS 8.8≥ 2.1.2217.3, < 4.4.2236.12025-08-01
CVE-2025-41371 [HIGH] CWE-89 CVE-2025-41371: A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3
A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb_v4/integra/html/view/acceso.php
nvd
CVE-2025-41374P3HIGHCVSS 8.8≥ 2.1.2217.3, < 4.4.2236.12025-08-01
CVE-2025-41374 [HIGH] CWE-89 CVE-2025-41374: A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3
A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/hislistadoacciones.php.
nvd
CVE-2025-41372P3HIGHCVSS 8.8≥ 2.1.2217.3, < 4.4.2236.12025-08-01
CVE-2025-41372 [HIGH] CWE-89 CVE-2025-41372: A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3
A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/informe_campo_entrevistas.php.
nvd
CVE-2025-41377P3HIGHCVSS 8.7≥ 2.1.2217.3, < 4.4.2236.12025-05-23
CVE-2025-41377 [HIGH] CWE-89 CVE-2025-41377: A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3
A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/consultacuotasred.php.
nvd
CVE-2025-41073P3MEDIUMCVSS 6.5fixed in 4.4.2246.22025-10-23
CVE-2025-41073 [MEDIUM] CWE-22 CVE-2025-41073: Path Traversal vulnerability in version 4.4.2236.1 of TESI Gandia Integra Total. This issue allows a
Path Traversal vulnerability in version 4.4.2236.1 of TESI Gandia Integra Total. This issue allows an authenticated attacker to download a ZIP file containing files from the server, including those located in parent directories (e.g., ..\..\..), by exploiting the “direstudio” parameter in “/encuestas/integraweb[_v4]/integra/html/view/comprimir.php”.
nvd