SQL Injection

🗓️ 14 Mar 2026 05:25:38Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 1 Views

Craft Commerce is vulnerable to SQL Injection from an unvalidated sort parameter in orderBy.

Reporter	Title	Published	Views	Family All 14
ATTACKERKB	CVE-2026-29172	10 Mar 202619:52	–	attackerkb
Circl	CVE-2026-29172	9 Mar 202622:11	–	circl
CNNVD	Craft Commerce SQL注入漏洞	10 Mar 202600:00	–	cnnvd
CVE	CVE-2026-29172	10 Mar 202619:52	–	cve
Cvelist	CVE-2026-29172 Craft Commerce has a SQL Injection in Commerce Purchasables Table Sorting	10 Mar 202619:52	–	cvelist
EUVD	EUVD-2026-10813	10 Mar 202618:23	–	euvd
Github Security Blog	Craft Commerce is Vulnerable to SQL Injection in Commerce Purchasables Table Sorting	10 Mar 202618:23	–	github
NVD	CVE-2026-29172	10 Mar 202620:16	–	nvd
OSV	CVE-2026-29172 Craft Commerce has a SQL Injection in Commerce Purchasables Table Sorting	10 Mar 202619:52	–	osv
OSV	GHSA-J3X5-MGHF-XVFW Craft Commerce is Vulnerable to SQL Injection in Commerce Purchasables Table Sorting	10 Mar 202618:23	–	osv

Vulners

Node

commerce craftcms/commerceRange4.0.0-beta.1–4.10.1php

commerce craftcms/commerceRange5.0.0-beta.1–5.5.2php

commerce craftcms/commerceMatch4.0.0php

commerce craftcms/commerceMatch4.0.1php

commerce craftcms/commerceMatch4.0.2php

commerce craftcms/commerceMatch4.0.3php

commerce craftcms/commerceMatch4.0.4php

commerce craftcms/commerceMatch4.1.0php

commerce craftcms/commerceMatch4.1.1php

commerce craftcms/commerceMatch4.1.2php

commerce craftcms/commerceMatch4.1.3php

commerce craftcms/commerceMatch4.10.0php

commerce craftcms/commerceMatch4.2.0php

commerce craftcms/commerceMatch4.2.1php

commerce craftcms/commerceMatch4.2.10php

commerce craftcms/commerceMatch4.2.11php

commerce craftcms/commerceMatch4.2.2php

commerce craftcms/commerceMatch4.2.3php

commerce craftcms/commerceMatch4.2.4php

commerce craftcms/commerceMatch4.2.5php

commerce craftcms/commerceMatch4.2.5.1php

commerce craftcms/commerceMatch4.2.6php

commerce craftcms/commerceMatch4.2.7php

commerce craftcms/commerceMatch4.2.8php

commerce craftcms/commerceMatch4.2.9php

commerce craftcms/commerceMatch4.3.0php

commerce craftcms/commerceMatch4.3.1php

commerce craftcms/commerceMatch4.3.2php

commerce craftcms/commerceMatch4.3.3php

commerce craftcms/commerceMatch4.4.0php

commerce craftcms/commerceMatch4.4.1php

commerce craftcms/commerceMatch4.4.1.1php

commerce craftcms/commerceMatch4.5.0php

commerce craftcms/commerceMatch4.5.1php

commerce craftcms/commerceMatch4.5.1.1php

commerce craftcms/commerceMatch4.5.2php

commerce craftcms/commerceMatch4.5.3php

commerce craftcms/commerceMatch4.5.4php

commerce craftcms/commerceMatch4.6.0php

commerce craftcms/commerceMatch4.6.1php

commerce craftcms/commerceMatch4.6.10php

commerce craftcms/commerceMatch4.6.11php

commerce craftcms/commerceMatch4.6.12php

commerce craftcms/commerceMatch4.6.13php

commerce craftcms/commerceMatch4.6.14php

commerce craftcms/commerceMatch4.6.2php

commerce craftcms/commerceMatch4.6.3.1php

commerce craftcms/commerceMatch4.6.4php

commerce craftcms/commerceMatch4.6.5php

commerce craftcms/commerceMatch4.6.6php

commerce craftcms/commerceMatch4.6.7php

commerce craftcms/commerceMatch4.6.8php

commerce craftcms/commerceMatch4.6.9php

commerce craftcms/commerceMatch4.7.0php

commerce craftcms/commerceMatch4.7.1php

commerce craftcms/commerceMatch4.7.2php

commerce craftcms/commerceMatch4.7.3php

commerce craftcms/commerceMatch4.8.0php

commerce craftcms/commerceMatch4.8.0.1php

commerce craftcms/commerceMatch4.8.1php

commerce craftcms/commerceMatch4.8.1.1php

commerce craftcms/commerceMatch4.8.1.2php

commerce craftcms/commerceMatch4.8.2php

commerce craftcms/commerceMatch4.8.3php

commerce craftcms/commerceMatch4.8.4php

commerce craftcms/commerceMatch4.9.0php

commerce craftcms/commerceMatch4.9.1php

commerce craftcms/commerceMatch4.9.2php

commerce craftcms/commerceMatch4.9.3php

commerce craftcms/commerceMatch4.9.4php

commerce craftcms/commerceMatch5.0.0php

commerce craftcms/commerceMatch5.0.1php

commerce craftcms/commerceMatch5.0.10php

commerce craftcms/commerceMatch5.0.10.1php

commerce craftcms/commerceMatch5.0.11php

commerce craftcms/commerceMatch5.0.11.1php

commerce craftcms/commerceMatch5.0.12php

commerce craftcms/commerceMatch5.0.12.1php

commerce craftcms/commerceMatch5.0.12.2php

commerce craftcms/commerceMatch5.0.13php

commerce craftcms/commerceMatch5.0.14php

commerce craftcms/commerceMatch5.0.15php

commerce craftcms/commerceMatch5.0.16php

commerce craftcms/commerceMatch5.0.16.1php

commerce craftcms/commerceMatch5.0.16.2php

commerce craftcms/commerceMatch5.0.17php

commerce craftcms/commerceMatch5.0.18php

commerce craftcms/commerceMatch5.0.19php

commerce craftcms/commerceMatch5.0.2php

commerce craftcms/commerceMatch5.0.3php

commerce craftcms/commerceMatch5.0.4php

commerce craftcms/commerceMatch5.0.5php

commerce craftcms/commerceMatch5.0.6php

commerce craftcms/commerceMatch5.0.7php

commerce craftcms/commerceMatch5.0.8php

commerce craftcms/commerceMatch5.0.9php

commerce craftcms/commerceMatch5.1.0php

commerce craftcms/commerceMatch5.1.0-beta.1php

commerce craftcms/commerceMatch5.1.0-beta.2php

commerce craftcms/commerceMatch5.1.0-beta.3php

commerce craftcms/commerceMatch5.1.0.1php

commerce craftcms/commerceMatch5.1.1php

commerce craftcms/commerceMatch5.1.2php

commerce craftcms/commerceMatch5.1.3php

commerce craftcms/commerceMatch5.1.4php

commerce craftcms/commerceMatch5.2.0php

commerce craftcms/commerceMatch5.2.1php

commerce craftcms/commerceMatch5.2.10php

commerce craftcms/commerceMatch5.2.11php

commerce craftcms/commerceMatch5.2.12php

commerce craftcms/commerceMatch5.2.12.1php

commerce craftcms/commerceMatch5.2.2php

commerce craftcms/commerceMatch5.2.2.1php

commerce craftcms/commerceMatch5.2.3php

commerce craftcms/commerceMatch5.2.4php

commerce craftcms/commerceMatch5.2.5php

commerce craftcms/commerceMatch5.2.6php

commerce craftcms/commerceMatch5.2.7php

commerce craftcms/commerceMatch5.2.8php

commerce craftcms/commerceMatch5.2.9php

commerce craftcms/commerceMatch5.2.9.1php

commerce craftcms/commerceMatch5.3.0php

commerce craftcms/commerceMatch5.3.0.1php

commerce craftcms/commerceMatch5.3.0.2php

commerce craftcms/commerceMatch5.3.1php

commerce craftcms/commerceMatch5.3.10php

commerce craftcms/commerceMatch5.3.11php

commerce craftcms/commerceMatch5.3.12php

commerce craftcms/commerceMatch5.3.13php

commerce craftcms/commerceMatch5.3.2php

commerce craftcms/commerceMatch5.3.2.1php

commerce craftcms/commerceMatch5.3.2.2php

commerce craftcms/commerceMatch5.3.3php

commerce craftcms/commerceMatch5.3.4php

commerce craftcms/commerceMatch5.3.5php

commerce craftcms/commerceMatch5.3.6php

commerce craftcms/commerceMatch5.3.7php

commerce craftcms/commerceMatch5.3.8php

commerce craftcms/commerceMatch5.3.9php

commerce craftcms/commerceMatch5.4.0php

commerce craftcms/commerceMatch5.4.1php

commerce craftcms/commerceMatch5.4.1.1php

commerce craftcms/commerceMatch5.4.10php

commerce craftcms/commerceMatch5.4.2php

commerce craftcms/commerceMatch5.4.3php

commerce craftcms/commerceMatch5.4.4php

commerce craftcms/commerceMatch5.4.5php

commerce craftcms/commerceMatch5.4.5.1php

commerce craftcms/commerceMatch5.4.6php

commerce craftcms/commerceMatch5.4.7php

commerce craftcms/commerceMatch5.4.7.1php

commerce craftcms/commerceMatch5.4.8php

commerce craftcms/commerceMatch5.4.9php

commerce craftcms/commerceMatch5.5.0php

commerce craftcms/commerceMatch5.5.0.1php

commerce craftcms/commerceMatch5.5.1php

Source	Link
github	www.github.com/craftcms/commerce/commit/e4e0f4107cd895d29290523637f077fe280407b1
github	www.github.com/craftcms/commerce/commit/b231b920b73db023e81e5b261b894d73e865c276
github	www.github.com/advisories/GHSA-j3x5-mghf-xvfw

09 May 2026 05:33Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.18.8

CVSS 48.7

EPSS0.00015

SSVC