Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2025-24474

Summary
Assigner-fortinet
Assigner Org ID-6abe59d8-c742-4dff-8ce8-9b0ca1073da8
Published At-08 Jul, 2025 | 14:41
Updated At-08 Jul, 2025 | 20:41
Rejected At-
Credits

An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions; FortiManager Cloud 7.4.1 through 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions; FortiAnalyzer 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions; and FortiAnalyzer Cloud 7.4.1 through 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an authenticated attacker with high privilege to extract database information via crafted requests.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:fortinet
Assigner Org ID:6abe59d8-c742-4dff-8ce8-9b0ca1073da8
Published At:08 Jul, 2025 | 14:41
Updated At:08 Jul, 2025 | 20:41
Rejected At:
â–¼CVE Numbering Authority (CNA)

An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions; FortiManager Cloud 7.4.1 through 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions; FortiAnalyzer 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions; and FortiAnalyzer Cloud 7.4.1 through 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an authenticated attacker with high privilege to extract database information via crafted requests.

Affected Products
Vendor
Fortinet, Inc.Fortinet
Product
FortiManager
CPEs
  • cpe:2.3:o:fortinet:fortimanager:7.6.1:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.4.6:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.4.5:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.4.4:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.4.3:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.4.2:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.4.1:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.2.10:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.2.9:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.2.8:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.2.7:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.2.6:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.2.5:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.2.4:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.2.3:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.2.2:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.2.1:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.2.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.0.14:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.0.13:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.0.12:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.0.11:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.0.10:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.0.9:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.0.8:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.0.7:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.0.6:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.0.5:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.0.4:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.0.3:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.0.2:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.0.1:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:7.0.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.4.15:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.4.14:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.4.13:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.4.12:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.4.11:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.4.10:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.4.9:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.4.8:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.4.7:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.4.6:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.4.5:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.4.4:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.4.3:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.4.2:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.4.1:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortimanager:6.4.0:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 7.6.0 through 7.6.1 (semver)
  • From 7.4.0 through 7.4.6 (semver)
  • From 7.2.0 through 7.2.10 (semver)
  • From 7.0.0 through 7.0.14 (semver)
  • From 6.4.0 through 6.4.15 (semver)
Vendor
Fortinet, Inc.Fortinet
Product
FortiAnalyzer
CPEs
  • cpe:2.3:o:fortinet:fortianalyzer:7.6.1:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.4.6:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.4.5:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.4.4:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.4.3:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.4.2:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.4.1:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.2.10:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.2.9:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.2.8:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.2.7:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.2.6:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.2.5:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.2.4:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.2.3:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.2.2:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.2.1:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.2.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.0.14:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.0.13:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.0.12:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.0.11:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.0.10:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.0.9:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.0.8:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.0.7:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.0.6:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.0.5:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.0.4:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.0.3:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.0.2:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.0.1:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:7.0.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.4.15:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.4.14:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.4.13:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.4.12:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.4.11:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.4.10:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.4.9:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.4.8:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.4.7:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.4.6:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.4.5:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.4.4:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.4.3:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.4.2:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.4.1:*:*:*:*:*:*:*
  • cpe:2.3:o:fortinet:fortianalyzer:6.4.0:*:*:*:*:*:*:*
Default Status
unaffected
Versions
Affected
  • From 7.6.0 through 7.6.1 (semver)
  • From 7.4.0 through 7.4.6 (semver)
  • From 7.2.0 through 7.2.10 (semver)
  • From 7.0.0 through 7.0.14 (semver)
  • From 6.4.0 through 6.4.15 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-89Execute unauthorized code or commands
Type: CWE
CWE ID: CWE-89
Description: Execute unauthorized code or commands
Metrics
VersionBase scoreBase severityVector
3.12.6LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:C
Version: 3.1
Base score: 2.6
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:C
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Please upgrade to FortiManager version 7.6.2 or above Please upgrade to FortiManager version 7.4.7 or above Please upgrade to FortiAnalyzer version 7.6.2 or above Please upgrade to FortiAnalyzer version 7.4.7 or above Please upgrade to FortiAnalyzer Cloud version 7.6.2 or above Please upgrade to FortiAnalyzer Cloud version 7.4.7 or above Please upgrade to FortiManager Cloud version 7.6.2 or above Please upgrade to FortiManager Cloud version 7.4.7 or above

Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://fortiguard.fortinet.com/psirt/FG-IR-24-437
N/A
Hyperlink: https://fortiguard.fortinet.com/psirt/FG-IR-24-437
Resource: N/A
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:psirt@fortinet.com
Published At:08 Jul, 2025 | 15:15
Updated At:22 Jul, 2025 | 18:11

An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiManager 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions; FortiManager Cloud 7.4.1 through 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions; FortiAnalyzer 7.6.0 through 7.6.1, 7.4.0 through 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions; and FortiAnalyzer Cloud 7.4.1 through 7.4.6, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an authenticated attacker with high privilege to extract database information via crafted requests.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.12.7LOW
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 2.7
Base severity: LOW
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
CPE Matches
Fortinet, Inc.
fortinet
>>fortianalyzer>>Versions from 6.4.0(inclusive) to 7.4.7(exclusive)
cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
Fortinet, Inc.
fortinet
>>fortianalyzer>>Versions from 7.6.0(inclusive) to 7.6.2(exclusive)
cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*
Fortinet, Inc.
fortinet
>>fortianalyzer_cloud>>Versions from 6.4.1(inclusive) to 7.4.7(exclusive)
cpe:2.3:a:fortinet:fortianalyzer_cloud:*:*:*:*:*:*:*:*
Fortinet, Inc.
fortinet
>>fortimanager>>Versions from 6.4.0(inclusive) to 7.4.7(exclusive)
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
Fortinet, Inc.
fortinet
>>fortimanager>>Versions from 7.6.0(inclusive) to 7.6.2(exclusive)
cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*
Fortinet, Inc.
fortinet
>>fortimanager_cloud>>Versions from 6.4.1(inclusive) to 7.4.7(exclusive)
cpe:2.3:a:fortinet:fortimanager_cloud:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-89Primarypsirt@fortinet.com
CWE ID: CWE-89
Type: Primary
Source: psirt@fortinet.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://fortiguard.fortinet.com/psirt/FG-IR-24-437psirt@fortinet.com
Vendor Advisory
Hyperlink: https://fortiguard.fortinet.com/psirt/FG-IR-24-437
Source: psirt@fortinet.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

87Records found
CVE-2026-36920
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.7||LOW
EPSS-0.03% / 7.24%
||
7 Day CHG~0.00%
Published-13 Apr, 2026 | 00:00
Updated-14 Apr, 2026 | 11:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sourcecodester Online Reviewer System v1.0 is vulnerable to SQL Injection in the file /system/system/admins/assessments/examproper/questions-view.php.

Action-Not Available
Vendor-n/ajanobe
Product-online_reviewer_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-36922
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.7||LOW
EPSS-0.03% / 7.24%
||
7 Day CHG~0.00%
Published-13 Apr, 2026 | 00:00
Updated-14 Apr, 2026 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sourcecodester Cab Management System v1.0 is vulnerable to SQL injection in the file /cms/admin/categories/view_category.php.

Action-Not Available
Vendor-n/aoretnom23
Product-cab_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-37601
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.7||LOW
EPSS-0.02% / 5.69%
||
7 Day CHG~0.00%
Published-14 Apr, 2026 | 00:00
Updated-14 Apr, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/manage_appointment.php.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-36872
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.7||LOW
EPSS-0.03% / 7.24%
||
7 Day CHG~0.00%
Published-13 Apr, 2026 | 00:00
Updated-14 Apr, 2026 | 17:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_book.php.

Action-Not Available
Vendor-n/arazormist
Product-basic_library_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-36938
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.7||LOW
EPSS-0.03% / 7.79%
||
7 Day CHG~0.00%
Published-13 Apr, 2026 | 00:00
Updated-13 Apr, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/rooms/view_room.php.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-37589
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.7||LOW
EPSS-0.02% / 5.69%
||
7 Day CHG~0.00%
Published-14 Apr, 2026 | 00:00
Updated-14 Apr, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/maintenance/manage_storage_unit.php.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-37595
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.7||LOW
EPSS-0.02% / 5.69%
||
7 Day CHG~0.00%
Published-14 Apr, 2026 | 00:00
Updated-14 Apr, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/manage_employee.php.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-36944
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.7||LOW
EPSS-0.03% / 7.79%
||
7 Day CHG~0.00%
Published-13 Apr, 2026 | 00:00
Updated-13 Apr, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerale to SQL injection in the file/rsms/admin/repairs/view_details.php.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-37600
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.7||LOW
EPSS-0.02% / 5.69%
||
7 Day CHG~0.00%
Published-14 Apr, 2026 | 00:00
Updated-14 Apr, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/view_details.php.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-37593
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.7||LOW
EPSS-0.02% / 5.69%
||
7 Day CHG~0.00%
Published-14 Apr, 2026 | 00:00
Updated-14 Apr, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/view_att.php.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-36943
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.7||LOW
EPSS-0.03% / 7.79%
||
7 Day CHG~0.00%
Published-13 Apr, 2026 | 00:00
Updated-13 Apr, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/repairs/manage_repair.php.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-37602
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.7||LOW
EPSS-0.02% / 5.69%
||
7 Day CHG~0.00%
Published-14 Apr, 2026 | 00:00
Updated-14 Apr, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/user/manage_user.php.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-36945
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.7||LOW
EPSS-0.03% / 7.79%
||
7 Day CHG~0.00%
Published-13 Apr, 2026 | 00:00
Updated-13 Apr, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/clients/manage_client.php

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-36952
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.7||LOW
EPSS-0.03% / 7.79%
||
7 Day CHG~0.00%
Published-13 Apr, 2026 | 00:00
Updated-14 Apr, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in the file /otas/admin/curriculum/manage_curriculum.php.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-36950
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.7||LOW
EPSS-0.03% / 7.79%
||
7 Day CHG~0.00%
Published-13 Apr, 2026 | 00:00
Updated-14 Apr, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in /otas/projects_per_department.php.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-37592
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.7||LOW
EPSS-0.03% / 7.34%
||
7 Day CHG~0.00%
Published-14 Apr, 2026 | 00:00
Updated-14 Apr, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL in the file /storage/admin/maintenance/manage_pricing.php.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-36947
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.7||LOW
EPSS-0.03% / 7.24%
||
7 Day CHG~0.00%
Published-13 Apr, 2026 | 00:00
Updated-14 Apr, 2026 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL Injection in the file /rsms/admin/services/view_service.php.

Action-Not Available
Vendor-n/aoretnom23
Product-computer_and_mobile_repair_shop_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-36873
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.7||LOW
EPSS-0.03% / 7.24%
||
7 Day CHG~0.00%
Published-13 Apr, 2026 | 00:00
Updated-14 Apr, 2026 | 17:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_admin.php.

Action-Not Available
Vendor-n/arazormist
Product-basic_library_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-37594
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.7||LOW
EPSS-0.02% / 5.69%
||
7 Day CHG~0.00%
Published-14 Apr, 2026 | 00:00
Updated-14 Apr, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/view_employee.php.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-36937
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.7||LOW
EPSS-0.03% / 7.79%
||
7 Day CHG~0.00%
Published-13 Apr, 2026 | 00:00
Updated-13 Apr, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/reservations/view_details.php.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-37598
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.7||LOW
EPSS-0.04% / 13.28%
||
7 Day CHG~0.00%
Published-14 Apr, 2026 | 00:00
Updated-14 Apr, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to arbitrary code execution (RCE) via /scheduler/classes/SystemSettings.php?f=update_settings.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-36941
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.7||LOW
EPSS-0.03% / 7.79%
||
7 Day CHG~0.00%
Published-13 Apr, 2026 | 00:00
Updated-13 Apr, 2026 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL Injection in the file /orms/admin/rooms/manage_room.php.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-36946
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.7||LOW
EPSS-0.03% / 7.24%
||
7 Day CHG~0.00%
Published-13 Apr, 2026 | 00:00
Updated-14 Apr, 2026 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/inquiries/view_details.php.

Action-Not Available
Vendor-n/aoretnom23
Product-computer_and_mobile_repair_shop_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-37596
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.7||LOW
EPSS-0.02% / 5.69%
||
7 Day CHG~0.00%
Published-14 Apr, 2026 | 00:00
Updated-14 Apr, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/manage_department.php.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-28815
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-2.7||LOW
EPSS-0.20% / 42.27%
||
7 Day CHG~0.00%
Published-28 Sep, 2022 | 13:45
Updated-20 May, 2025 | 20:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SQL-Injection in Carlo Gavazzi UWP 3.0 Sentilo Proxy

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 the Sentilo Proxy server was discovered to contain a SQL injection vulnerability allowing an attacker to query other tables of the Sentilo service.

Action-Not Available
Vendor-gavazziautomationCarlo Gavazzi
Product-uwp_3.0_monitoring_gateway_and_controlleruwp_3.0_monitoring_gateway_and_controller_firmwarecpy_car_park_serverUWP 3.0 Monitoring Gateway and Controller – EDP versionUWP 3.0 Monitoring Gateway and ControllerUWP 3.0 Monitoring Gateway and Controller – Security EnhancedCPY Car Park Server
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-26888
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.7||LOW
EPSS-0.03% / 9.34%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 00:00
Updated-04 Mar, 2026 | 03:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_stock.php.

Action-Not Available
Vendor-n/aoretnom23
Product-pharmacy_point_of_sale_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-26885
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.7||LOW
EPSS-0.03% / 9.34%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 00:00
Updated-04 Mar, 2026 | 14:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /classes/Master.php?f=delete_service.

Action-Not Available
Vendor-n/aoretnom23
Product-simple_online_men\'s_salon_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-26890
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.7||LOW
EPSS-0.03% / 9.34%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 00:00
Updated-04 Mar, 2026 | 14:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_product.php.

Action-Not Available
Vendor-n/aoretnom23
Product-pharmacy_point_of_sale_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-26889
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.7||LOW
EPSS-0.03% / 9.34%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 00:00
Updated-04 Mar, 2026 | 03:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_category.php.

Action-Not Available
Vendor-n/aoretnom23
Product-pharmacy_point_of_sale_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-36923
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.7||LOW
EPSS-0.03% / 7.24%
||
7 Day CHG~0.00%
Published-13 Apr, 2026 | 00:00
Updated-14 Apr, 2026 | 17:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sourcecodester Cab Management System 1.0 is vulnerable to SQL Injection in the file /cms/admin/bookings/view_booking.php.

Action-Not Available
Vendor-n/aoretnom23
Product-cab_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-26883
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.7||LOW
EPSS-0.03% / 9.34%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 00:00
Updated-04 Mar, 2026 | 14:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/classes/Master.php?f=delete_appointment.

Action-Not Available
Vendor-n/aoretnom23
Product-simple_online_men\'s_salon_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-26891
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.7||LOW
EPSS-0.01% / 1.23%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 00:00
Updated-04 Mar, 2026 | 03:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /manage_parcel_type.php.

Action-Not Available
Vendor-n/aoretnom23
Product-simple_logistic_hub_parcel\'s_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-26884
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.7||LOW
EPSS-0.03% / 9.34%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 00:00
Updated-04 Mar, 2026 | 14:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/admin/appointments/view_appointment.php.

Action-Not Available
Vendor-n/aoretnom23
Product-simple_online_men\'s_salon_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-26886
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.7||LOW
EPSS-0.03% / 9.34%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 00:00
Updated-04 Mar, 2026 | 17:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /admin/services/manage_service.php.

Action-Not Available
Vendor-n/aoretnom23
Product-simple_online_men\'s_salon_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-26887
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.7||LOW
EPSS-0.03% / 9.34%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 00:00
Updated-04 Mar, 2026 | 04:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_supplier.php.

Action-Not Available
Vendor-n/aoretnom23
Product-pharmacy_point_of_sale_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-3710
Matching Score-4
Assigner-Sophos Limited
ShareView Details
Matching Score-4
Assigner-Sophos Limited
CVSS Score-2.7||LOW
EPSS-0.35% / 57.54%
||
7 Day CHG~0.00%
Published-01 Dec, 2022 | 00:00
Updated-23 Apr, 2025 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A post-auth read-only SQL injection vulnerability allows API clients to read non-sensitive configuration database contents in the API controller of Sophos Firewall releases older than version 19.5 GA.

Action-Not Available
Vendor-Sophos Ltd.
Product-xg_firewall_firmwarexg_firewallSophos Firewall
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-26892
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-2.7||LOW
EPSS-0.04% / 10.50%
||
7 Day CHG~0.00%
Published-03 Mar, 2026 | 00:00
Updated-11 Mar, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /manage_carrier.php.

Action-Not Available
Vendor-n/aoretnom23
Product-simple_logistic_hub_parcel\'s_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • Next
Details not found