CVE-2025-41007 PUBLISHED

SQL Injection in Cuantis

Assigner: INCIBE
Reserved: 16.04.2025 Published: 23.03.2026 Updated: 23.03.2026

SQL Injection in Cuantis. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'search' parameter in the '/search.php' endpoint.

Metrics

CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
CVSS Score: 9.3

Product Status

Vendor Cuantis
Product Cuantis
Versions Default: unaffected
  • Version All versions is affected

Solutions

There is no solution reported at this time.

Credits

  • Gonzalo Aguilar García (6h4ack) finder

References

Problem Types

  • CWE-89 Improper neutralization of special elements used in an SQL command ('SQL injection') CWE