CVE-2025-41007
CriticalSummary
SQL Injection vulnerability in Cuantis allows an attacker to retrieve, create, update, and delete databases through the 'search' parameter in the '/search.php' endpoint.
Risk Assessment
Exploitation of this vulnerability may lead to unauthorized access to data and its modification, posing a serious threat to the integrity and confidentiality of information within the organization.
Recommendation
It is recommended to implement input validation and sanitization for the 'search' parameter, as well as to restrict database permissions to minimize the risk associated with this vulnerability.
Original NVD description (English source)
SQL Injection in Cuantis. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'search' parameter in the '/search.php' endpoint.

