CVE Catalog

CVE-2026-54222

HighCVSS 8.6
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.31%

22th percentile — higher than 22% of all known CVEs

Summary

UBB.threads is vulnerable to Blind SQL Injection, allowing attackers with access to the Members in Control Panel to interact with the underlying database. Due to insufficient input sanitization, an attacker can extract sensitive information, such as user credentials.

Risk Assessment

This vulnerability poses a risk of sensitive data leakage, which could lead to privacy violations for users and potential financial losses for the organization.

Recommendation

It is recommended to update to the latest version of the software and implement additional security measures, such as proper input sanitization.

Original NVD description (English source)

UBB.threads is vulnerable to Blind SQL Injection, allowing attackers with access to the Members in Control Panel to interact with the underlying database. Due to insufficient input sanitization, an attacker can extract sensitive information, such as user credentials, by manipulating SQL queries through time-based or boolean-based techniques. Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 7.7.5 but may also affect other versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS