CVE-2026-7435 in SSCMS

Summary

by MITRE • 01/05/2026

SSCMS v7.4.0 contains a SQL injection vulnerability in the stl:sqlContent tag where the queryString attribute is passed directly to database execution without parameterization or sanitization. Attackers can craft encrypted payloads submitted to the /api/stl/actions/dynamic endpoint to execute arbitrary SQL statements, leading to unauthorized database access, data disclosure, authentication bypass, data modification, or complete database compromise.

Responsible

VulnCheck

Reserved

29/04/2026

Disclosure

01/05/2026

Moderation

accepted

Entry

VDB-360387

CPE

ready

EPSS

0.00164

KEV

no

Activities

very low
