4 matches found
CVE-2026-57517
Control Web Panel before 0.9.8.1225 contains a blind SQL injection vulnerability that allows unauthenticated remote attackers to execute arbitrary SQL queries by submitting unsanitized input through the userRes POST parameter at the user endpoint. Attackers can exploit MySQL root privileges...
CVE-2026-57517 Control Web Panel < 0.9.8.1225 Blind SQL Injection via userRes Parameter
Control Web Panel before 0.9.8.1225 contains a blind SQL injection vulnerability that allows unauthenticated remote attackers to execute arbitrary SQL queries by submitting unsanitized input through the userRes POST parameter at the user endpoint. Attackers can exploit MySQL root privileges...
CVE-2026-57517
Control Web Panel prior to version 0.9.8.1225 is affected by CVE-2026-57517, a blind SQL injection via the userRes POST parameter at the user endpoint. The vulnerability allows unauthenticated remote attackers to execute arbitrary SQL queries, potentially leveraging MySQL root privileges obtained...
CVE-2026-57517
Control Web Panel before 0.9.8.1225 contains a blind SQL injection vulnerability that allows unauthenticated remote attackers to execute arbitrary SQL queries by submitting unsanitized input through the userRes POST parameter at the user endpoint. Attackers can exploit MySQL root privileges...