CVE-2026-38581
CriticalCVSS 9.8Summary
CVE-2026-38581 is an SQL Injection vulnerability in damasac thaipalliative_lte through version 3.0 that allows remote attackers to execute arbitrary SQL commands via the idFormMain and id parameters in the ezform.php file.
Risk Assessment
Attackers can exploit this vulnerability to gain access to sensitive data in the database, potentially leading to serious security breaches for the organization.
Recommendation
It is recommended to update to the latest version of the software and implement appropriate input sanitization mechanisms and the use of parameterized queries.
Original NVD description (English source)
SQL Injection vulnerability in damasac thaipalliative_lte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php (line 14) and the id parameter (line 49). The parameters are concatenated directly into SQL queries without sanitization or parameterized statements.

