SQL Injection in Cuantis

Posted date 02/02/2026
Identifier
INCIBE-2026-214
Importance
5 - Critical
Affected Resources

Cuantis.

Description

INCIBE has coordinated the publication of a critical vulnerability affecting Cuantis, a sales software program. The vulnerability was discovered by Gonzalo Aguilar García (6h4ack).

This vulnerability has been assigned the following code, CVSS v4.0 base score, CVSS vector, and CWE vulnerability type:

  • CVE-2025-41007: CVSS v4.0: 9.3 | CVSS AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N | CWE-89.

Solution

There is no solution reported at this time.

Detail

CVE-2025-41007: SQL Injection in Cuantis. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'search' parameter in the '/search.php' endpoint.
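
With no fix reported, one interim measure is to review web server logs for SQL syntax in the 'search' parameter of '/search.php'. The following is an added example, not code from INCIBE or Cuantis; it assumes combined-format access logs and that the parameter arrives in the GET query string, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: Apache/nginx "combined"-style access log lines.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Heuristic indicators of SQL syntax in what should be a plain search term.
INDICATORS = {
    "comment": re.compile(r"--|/\*|#"),
    "stacked": re.compile(r";"),
    "keyword": re.compile(
        r"\b(union|select|insert|update|delete|drop|sleep|benchmark|information_schema)\b",
        re.IGNORECASE,
    ),
    "tautology": re.compile(r"['\"]\s*(or|and)\b", re.IGNORECASE),
}

def scan(lines, endpoint="/search.php", param="search"):
    """Return (ip, status, decoded value, indicator names) for suspicious requests."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable request line
        url = urlsplit(m["target"])
        if not url.path.endswith(endpoint):
            continue  # only the endpoint named in the advisory
        # parse_qs percent-decodes values, so encoded input is inspected in clear.
        for value in parse_qs(url.query).get(param, []):
            found = sorted(n for n, rx in INDICATORS.items() if rx.search(value))
            if found:
                hits.append((m["ip"], int(m["status"]), value, found))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [02/Feb/2026:10:00:01 +0000] "GET /search.php?search=blue+widget HTTP/1.1" 200 512',
    '203.0.113.9 - - [02/Feb/2026:10:00:07 +0000] "GET /search.php?search=x%27+OR+%271%27%3D%271 HTTP/1.1" 200 9120',
    '203.0.113.9 - - [02/Feb/2026:10:00:09 +0000] "GET /search.php?search=x%27+UNION+SELECT+1--+- HTTP/1.1" 500 0',
    '198.51.100.2 - - [02/Feb/2026:10:01:00 +0000] "GET /index.php?search=select HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

These patterns are triage heuristics: legitimate search terms containing quotes, '#' or ';' will also match, and requests sent by POST do not appear in a query-string log.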

CVE
CVE Identifier | Severity | Exploitation | Vendor
CVE-2025-41007 | Critical | No | Cuantis