CVE Catalog

CVE-2026-40812

High
Published: Translated: NVD NIST

Summary

There is a remote SQL Injection vulnerability in the getLiveValues function that allows unauthorized access to data. An attacker can exploit this flaw, leading to a total loss of data confidentiality.

Risk Assessment

The organization is exposed to serious risks related to data loss and user privacy breaches. Potential data leaks can result in financial and reputational damage.

Recommendation

It is recommended to immediately patch the vulnerability by improving the neutralization of special elements in SQL queries. A security audit of the application should also be conducted to identify other potential vulnerabilities.

Original NVD description (English source)

An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getLiveValues functions sn parameter due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS