CVE Catalog

CVE-2026-36670

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.28%

19th percentile — higher than 19% of all known CVEs

Summary

A Time-Based Blind SQL Injection vulnerability in the alias_management module of OpenSIPS Control Panel (opensips-cp) prior to version 9.3.3 allows authenticated attackers to execute arbitrary SQL commands via the 'table' GET parameter in alias_management.php.

Risk Assessment

This vulnerability could lead to unauthorized access to the database and exposure of sensitive information. Attackers may exploit this flaw to manipulate data within the system.

Recommendation

It is recommended to update OpenSIPS Control Panel to version 9.3.3 or later to mitigate this vulnerability. Additionally, conducting a security audit of the application is advisable to identify other potential vulnerabilities.

Original NVD description (English source)

A Time-Based Blind SQL Injection vulnerability in the alias_management module of OpenSIPS Control Panel (opensips-cp) prior to version 9.3.3 allows authenticated attackers to execute arbitrary SQL commands via the 'table' GET parameter in alias_management.php.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS