Vulnerabilities

CVE-2026-1105 - EasyCMS UserAction.class.php sql injection

2026-01-18 0 views admin
CVE-2026-1105 - EasyCMS UserAction.class.php sql injection

CVE ID : CVE-2026-1105 Published : Jan. 18, 2026, 12:15 a.m. | 42 minutes ago Description : A vulnerability was identified in EasyCMS up to 1.6. This vulnerability affects unknown code of the file /UserAction.class.php. Such manipulation of the argument _order leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. Severity: 7.5 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

Severity
HIGH
Published
Jan. 18, 2026
Affected Product: php
Impact: sql injection

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-1105highphp

More from Vulnerabilities

CVE-2026-1066 - kalcaddle kodbox Compression zip command injection

CVE-2026-1066 - kalcaddle kodbox Compression zip command injection

2026-01-18 0
CVE-2026-1059 - FeMiner wms chkuser.php sql injection

CVE-2026-1059 - FeMiner wms chkuser.php sql injection

2026-01-17 0
CVE-2026-1061 - xiweicheng TMS FileController.java upload unrestricted upload

CVE-2026-1061 - xiweicheng TMS FileController.java upload unrestricted upload

2026-01-17 0
CVE-2026-1062 - xiweicheng TMS HtmlUtil.java summary server-side request forgery

CVE-2026-1062 - xiweicheng TMS HtmlUtil.java summary server-side request forgery

2026-01-17 0

Trending

1

Tech: Go-legacy-winxp: Compile Golang 1.24 code for Windows XP

2026-01-15 • 4457 views
2

Tech: Data is the only moat

2026-01-15 • 4133 views
3

Tech: Pocket TTS: A high quality TTS that gives your CPU a voice

2026-01-15 • 3239 views
4

Tech: AWS European Sovereign Cloud

2026-01-15 • 2741 views
5

Tech: JuiceFS is a distributed POSIX file system built on top of Redis and S3

2026-01-15 • 2719 views