CVE-2025-41376

Medium

CRLF Injection vulnerability in Limesurvey v2.65.1+170522. This vulnerability could allow a remote attacker to inject arbitrary HTTP…

INCIBE·CWE-93·Published 2025-08-01

CVSS

5.3

EPSS

0.00

KEV

Exploits

cve.orgen

257 chars

CRLF Injection vulnerability in Limesurvey v2.65.1+170522. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response splitting attacks via '/index.php/survey/index/sid/<SID>/token/fwyfw%0d%0aCookie:%20POC'.

NVDen

257 chars

NVDes

348 chars

Se ha detectado una vulnerabilidad de inyección SQL en Gandia Integra Total of TESI, desde la versión 2.1.2217.3 hasta la v4.4.2236.1. Esta vulnerabilidad permite a un atacante autenticado recuperar, crear, actualizar y eliminar bases de datos mediante el parámetro 'idestudio' en /encuestas/integraweb[_v4]/integra/html/view/consultacuotasred.php.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	NVD	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
4.0	Primary	cve.org	5.1	—	—	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N