CVE-2026-36670
HighCVSS 8.8Exploitation Probability (EPSS)
Low risk19th percentile — higher than 19% of all known CVEs
Summary
A Time-Based Blind SQL Injection vulnerability in the alias_management module of OpenSIPS Control Panel (opensips-cp) prior to version 9.3.3 allows authenticated attackers to execute arbitrary SQL commands via the 'table' GET parameter in alias_management.php.
Risk Assessment
This vulnerability could lead to unauthorized access to the database and exposure of sensitive information. Attackers may exploit this flaw to manipulate data within the system.
Recommendation
It is recommended to update OpenSIPS Control Panel to version 9.3.3 or later to mitigate this vulnerability. Additionally, conducting a security audit of the application is advisable to identify other potential vulnerabilities.
Original NVD description (English source)
A Time-Based Blind SQL Injection vulnerability in the alias_management module of OpenSIPS Control Panel (opensips-cp) prior to version 9.3.3 allows authenticated attackers to execute arbitrary SQL commands via the 'table' GET parameter in alias_management.php.

