CNNVD-202508-039 Information

CNNVD ID

CNNVD-202508-039

Related CVE

CVE-2025-41372

• CNNVD Published: 2025-08-01

Description (Chinese)

TESI Gandia Integra Total是西班牙TESI公司的一款基于Web的在线调查和数据分析系统。 TESI Gandia Integra Total 2.1.2217.3至4.4.2236.1版本存在SQL注入漏洞，该漏洞源于文件/encuestas/integraweb[_v4]/integra/html/view/informe_campo_entrevistas.php中参数idestudio存在SQL注入，可能导致数据库操作。

Description (English)

TESI Gandia Integra Total is a Web-based web-based survey and data analysis system for TESI in Spain. There is a SQL-injection loophole in TESI Gandia Integra Total 2.1.2217.3 to 4.4.2236.1, which is derived from the SQL injection of the parameter idestudio in document/encuestas/integraweb[ v4]/integra/html/view/informe campo entrevistas.php, which may lead to the operation of the database.

Hazard Level

Low

Vulnerability Type

SQL注入

Affected Vendor

TESI

Published

2025-08-01

Last Modified

2026-02-24

References

https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-gandia-integra-total-tesi

Patch

https://tesigandia.com/