CVE-2026-7435 in SSCMS

Summary

by MITRE • 01.05.2026

SSCMS v7.4.0 contains a SQL injection vulnerability in the stl:sqlContent tag where the queryString attribute is passed directly to database execution without parameterization or sanitization. Attackers can craft encrypted payloads submitted to the /api/stl/actions/dynamic endpoint to execute arbitrary SQL statements, leading to unauthorized database access, data disclosure, authentication bypass, data modification, or complete database compromise.

Responsible

VulnCheck

Reserved

29.04.2026

Disclosure

01.05.2026

Moderation

accepted

Entry

VDB-360387

EPSS

0.00164

KEV

No

Activities

Very low

Sources
