Tag: sqli
All entries tagged sqli.
- Ubiquiti UniFi SAB-066 — 25 vulnerabilities incl. unauthenticated CVSS 10.0 command injection in UniFi Connect (CVE-2026-50746)
- CVE-2026-59509 — cve-search: unauthenticated /fetch_cve_data parameter manipulation exposes admin credential hashes (CVSS 9.2)
- CVE-2026-57517 — Control Web Panel: pre-auth blind SQL injection to web-shell RCE (CVSS 9.8)
- Education
- CVE-2026-12789 — ILIAS 11.0: unpatched, PoC-public SQL injection in the learning-progress subsystem (DACH education exposure)
- Check Point chains SQL injection to RCE in LangGraph's checkpointer (CVE-2025-67644 + CVE-2026-28277)
- Mautic 7.1.2 / 6.0.9 — seven authenticated flaws, including two post-auth RCE paths (SSTI and path-traversal-to-PHP-RCE), an SSRF and an API authorization bypass
- CVE-2026-48842 — Roundcube Webmail pre-authentication SQL injection in virtuser_query plugin (CVSS 8.1)
- ILIAS LMS — nine fixes shipped 2026-05-27, two critical access-control gaps (CVSS 9.8 + 9.3), NCSC.ch flags SOAP interface as primary unauthenticated attack surface
- CVE-2026-48842 — Roundcube Webmail pre-authentication SQL injection