SQL Injection in Sinturno

Posted date 23/03/2026
Identifier
INCIBE-2026-215
Importance
5 - Critical
Affected Resources

Sinturno.

Description

INCIBE has coordinated the publication of a critical vulnerability affecting Sinturno, an online appointment management system. The vulnerability was discovered by Gonzalo Aguilar García (6h4ack).

This vulnerability has been assigned the following code, CVSS v4.0 base score, CVSS vector, and CWE vulnerability type:

  • CVE-2025-41008: CVSS v4.0: 9.3 | CVSS vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N | CWE-89

Solution

There is no solution at this moment.

Detail

CVE-2025-41008: SQL injection vulnerability in Sinturno. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'client' parameter in the '/_adm/scripts/modalReport_data.php' endpoint.
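
With no fix available, one interim check is to review web server access logs for requests to the affected endpoint whose 'client' value contains SQL metacharacters. This is an added example, not code from INCIBE or Sinturno; the combined log format, the heuristic pattern and the sample log lines are assumptions.

```python
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint and parameter named in the advisory for CVE-2025-41008.
ENDPOINT = "/_adm/scripts/modalReport_data.php"
PARAM = "client"

# Assumption: access logs are in Apache/nginx "combined" format.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

# Assumption (heuristic, tune per site): SQL metacharacters, comment markers
# and keywords that a plain client identifier should not need.
SUSPICIOUS_RE = re.compile(
    r"""['"`;()\\#]|--|/\*|\b(?:union|select|insert|update|delete|drop|sleep|benchmark)\b""",
    re.IGNORECASE,
)


def normalize_path(raw_path):
    """Decode and collapse '//' and '/./' so path variants still match ENDPOINT."""
    return posixpath.normpath(re.sub(r"/+", "/", unquote(raw_path))).lower()


def suspicious_requests(log_lines):
    """Return (source_ip, status, decoded_value) for flagged requests to ENDPOINT."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue
        ip, target, status = match.group(1), match.group(2), int(match.group(3))
        url = urlsplit(target)
        if normalize_path(url.path) != ENDPOINT.lower():
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            value = unquote(raw)  # second decode catches double-encoded input
            if SUSPICIOUS_RE.search(value):
                hits.append((ip, status, value))
    return hits


# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Mar/2026:10:00:01 +0000] "GET /_adm/scripts/modalReport_data.php?client=42 HTTP/1.1" 200 512',
    '198.51.100.7 - - [23/Mar/2026:10:00:05 +0000] "GET /_adm/scripts/modalReport_data.php?client=42%27 HTTP/1.1" 500 0',
    '198.51.100.7 - - [23/Mar/2026:10:00:06 +0000] "GET /_adm//scripts/modalReport_data.php?client=42%2527%2520--%2520 HTTP/1.1" 200 900',
    '192.0.2.10 - - [23/Mar/2026:10:00:09 +0000] "GET /index.php?client=42%27 HTTP/1.1" 200 100',
]
```

Access logs normally record only the query string, so a 'client' value sent in a POST body needs request-body logging or a WAF rule to be visible.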

CVE
CVE identifier | Severity | Exploitation | Vendor
CVE-2025-41008 | Critical | No | Sinturno