CVE-2023-26781: SQL Injection
First published: Fri Apr 28 2023(Updated: )
SQL injection vulnerability in mccms 2.6 allows remote attackers to run arbitrary SQL commands via Author Center ->Reader Comments ->Search.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Chshcms Mccms | =2.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-26781?
CVE-2023-26781 is a SQL injection vulnerability in mccms 2.6 that allows remote attackers to run arbitrary SQL commands.
How can this vulnerability be exploited?
This vulnerability can be exploited by sending malicious SQL commands through the Author Center -> Reader Comments -> Search feature.
What is the severity of CVE-2023-26781?
The severity of CVE-2023-26781 is classified as critical with a CVSS score of 9.8.
Which software versions are affected by CVE-2023-26781?
Mccms 2.6 is affected by this vulnerability.
Is there a fix available for CVE-2023-26781?
At the moment, there is no publicly available fix for CVE-2023-26781. It is recommended to follow the vendor's updates and patches for a solution.
- collector/nvd-index
- agent/severity
- agent/references
- agent/author
- agent/tags
- agent/event
- agent/weakness
- agent/type
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/chshcms
- canonical/chshcms mccms
- version/chshcms mccms/2.6