CVE-2026-4190 | JawherKl node-api-postgres up to 2.5 models/user.js User.getAll sort sql injection

Inserito da Angelo Barbosa | Mar 14, 2026 | CVE

A vulnerability was found in JawherKl node-api-postgres up to 2.5 and classified as critical. This impacts the function User.getAll of the file models/user.js. The manipulation of the argument sort results in sql injection.

This vulnerability is identified as CVE-2026-4190. The attack can be executed remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-4190 | JawherKl node-api-postgres up to 2.5 models/user.js User.getAll sort sql injection

Post correlati

CVE-2024-53502 | Seecms 4.8 SEMCMS_SeoAndTag.php sql injection

CVE-2026-2431 | CM Custom Reports Plugin up to 1.2.7 on WordPress date_from/date_to cross site scripting

CVE-2024-21686 | Atlassian Confluence Data Center/Confluence Server up to 8.9.3 cross site scripting

CVE-2024-37023 | Vonets VGA-1000 up to 3.3.23.6.9 os command injection (icsa-24-214-08)