CVE Catalog

CVE-2025-41008

Critical
Published: Translated: NVD NIST

Summary

SQL injection vulnerability in Sinturno allows an attacker to access databases through the 'client' parameter in the '/_adm/scripts/modalReport_data.php' endpoint. The attacker can retrieve, create, update, and delete data in the databases.

Risk Assessment

The risk to the organization includes unauthorized access to sensitive data and potential loss of data integrity. An attacker could exploit this vulnerability to carry out serious attacks on the system.

Recommendation

It is recommended to immediately update Sinturno to the latest version that fixes this vulnerability. Additionally, implementing security mechanisms against SQL injection, such as input validation, is advisable.

Original NVD description (English source)

SQL injection vulnerability in Sinturno. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'client' parameter in the '/_adm/scripts/modalReport_data.php' endpoint.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS