CVE-2026-3325

SQL injection SQLi in MegaCMS v12.0.0, specifically in the “idterritorio” parameter of the “/webcomunications/cms/getprovincias” endpoint. The vulnerability arises from inadequate validation and sanitisation of user input. Specifically, via a POST request, the “idterritorio” parameter, used...

CVE-2026-3325

MegaCMS v12.0.0 is affected by a SQL injection in the /web_comunications/cms/get_provincias endpoint, via the POST parameter id_territorio after the registration form submission. The vulnerability stems from insufficient validation/sanitisation of user input, allowing an unauthenticated attacker ...

EUVD-2026-26199

SQL injection SQLi in MegaCMS v12.0.0, specifically in the “idterritorio” parameter of the “/webcomunications/cms/getprovincias” endpoint. The vulnerability arises from inadequate validation and sanitisation of user input. Specifically, via a POST request, the “idterritorio” parameter, used...

CVE-2026-3325 SQL injection in MegaCMS by CRM Sistemas de Fidelización

SQL injection SQLi in MegaCMS v12.0.0, specifically in the “idterritorio” parameter of the “/webcomunications/cms/getprovincias” endpoint. The vulnerability arises from inadequate validation and sanitisation of user input. Specifically, via a POST request, the “idterritorio” parameter, used...

CVE-2026-3325 SQL injection in MegaCMS by CRM Sistemas de Fidelización

SQL injection SQLi in MegaCMS v12.0.0, specifically in the “idterritorio” parameter of the “/webcomunications/cms/getprovincias” endpoint. The vulnerability arises from inadequate validation and sanitisation of user input. Specifically, via a POST request, the “idterritorio” parameter, used...