SQL Injection in Cuantis

CVE-2025-41007

SQL Injection in Cuantis. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'search' parameter in the '/search.php' endpoint.

Vulnerability class: SQL Injection

EPSS: 0.000 (14.3th percentile) — read the EPSS interpretation.

Affected products

Cuantis — versions All versions

Weakness classification (CWE)

CWE-89 — SQL Injection

References

cve-coordination@incibe.es (patch)