PatchSiren

Cuantis CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

CRITICAL Cuantis CVE published 2026-03-23

CVE-2025-41007

A critical SQL injection vulnerability in Cuantis allows unauthenticated remote attackers to execute arbitrary SQL commands via the 'search' parameter in /search.php, enabling full database compromise including retrieval, creation, modification, and deletion of data. The vulnerability was disclosed by INCIBE-CERT and carries a CVSS 4.0 score of 9.3 (Critical). No known exploitation in ransomware campaigns [truncated]