Vulnerabilities

Report: CVE-2026-31069 - BillaBear SQL Injection Vulnerability

2026-05-19 0 views admin

CVE ID :CVE-2026-31069 Published : May 19, 2026, 4:16 p.m. | 1 hour, 46 minutes ago Description :BillaBear (all versions prior to Jan 2026) contains a SQL Injection vulnerability in the EventRepository. User-controlled input from metric filter names and aggregation properties is directly interpolated into SQL queries using sprintf() without proper sanitization or identifier quoting. Although filter values are parameterized, the filter identifiers (keys) are not. An authenticated attacker with ROLE_ACCOUNT_MANAGER permissions can exploit this to execute arbitrary SQL commands. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-31069

Published

May 19, 2026

Impact: SQL Injection

🏷️ Tags

report31069billabearinjectionvulnerabilitypublishedminutesdescriptioncvesql injection

InfinitSec - Latest Cybersecurity, Technology & Gaming News

Report: CVE-2026-31069 - BillaBear SQL Injection Vulnerability

CVE Details

🏷️ Tags

More from Vulnerabilities

Report: CVE-2026-29518 - Rsync < 3.4.3 TOCTOU Race Condition Allows Symlink-Based Arbitrary File Write

Report: CVE-2026-3593 - Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation - Full Analysis

Report: Ultimate Guide: CVE-2026-3592 - Amplification vulnerabilities via self-pointed glue records

Report: Ultimate Guide: CVE-2026-3039 - BIND 9 server memory exhaustion during GSS-API TKEY negotiation

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting