PYSEC-2026-426 Mocodo vulnerable to SQL injection in `/web/generate.php`
Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sqlcase input field in /web/generate.php, allowing remote attackers to execute arbitrary SQL commands and potentially command injection, leading to remote code execution RCE under certain conditions...