CVE-2026-54222
HighCVSS 8.6Exploitation Probability (EPSS)
Low risk22th percentile — higher than 22% of all known CVEs
Summary
UBB.threads is vulnerable to Blind SQL Injection, allowing attackers with access to the Members in Control Panel to interact with the underlying database. Due to insufficient input sanitization, an attacker can extract sensitive information, such as user credentials.
Risk Assessment
This vulnerability poses a risk of sensitive data leakage, which could lead to privacy violations for users and potential financial losses for the organization.
Recommendation
It is recommended to update to the latest version of the software and implement additional security measures, such as proper input sanitization.
Original NVD description (English source)
UBB.threads is vulnerable to Blind SQL Injection, allowing attackers with access to the Members in Control Panel to interact with the underlying database. Due to insufficient input sanitization, an attacker can extract sensitive information, such as user credentials, by manipulating SQL queries through time-based or boolean-based techniques. Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 7.7.5 but may also affect other versions.

