CVE-2026-6488 | QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593 GET Request Parameter admin/editcourse.php ID sql injection

A vulnerability identified as critical has been detected in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This vulnerability affects unknown code of the file admin/editcourse.php of the component GET Request Parameter Handler. The manipulation of the argument ID leads to sql injection.

This vulnerability is documented as CVE-2026-6488. The attack can be initiated remotely. Additionally, an exploit exists.

Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-6488 | QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593 GET Request Parameter admin/editcourse.php ID sql injection

Post correlati

CVE-2024-42646 | NanoMQ 0.21.10 Message memory corruption

CVE-2024-10122 | Topdata Inner Rep Plus WebServer 2.01 Operator Details Form /InnerRepPlus.html missing password field masking

CVE-2023-5404 | Honeywell Experion Server heap-based overflow

CVE-2024-12991 | Beijing Longda Jushang Technology DBShop商城系统 3.3 Release 231225 /home-order orderStatus cross site scripting