CVE Catalog

CVE-2026-42475

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.20%

10th percentile - higher than 10% of all known CVEs

Summary

SQL injection vulnerability in MixPHP Framework versions 2.x through 2.2.17. The flaw exists in the joinOn function in BuildHelper.php, where the `on` array is improperly handled, allowing SQL code injection.

Risk Assessment

An attacker can exploit this vulnerability to execute unauthorized SQL queries, potentially leading to data leakage, modification, or deletion in the database.

Recommendation

Immediately upgrade MixPHP Framework to a version later than 2.2.17 that includes a fix for the SQL injection vulnerability.

Original NVD description (English source)

SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted `on` array to the joinOn function in BuildHelper.php.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS