CVE-2026-6490 | QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593 GET Request Parameter admin/deletecourse.php ID sql injection

A vulnerability marked as critical has been reported in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. Impacted is an unknown function of the file admin/deletecourse.php of the component GET Request Parameter Handler. This manipulation of the argument ID causes sql injection.

This vulnerability appears as CVE-2026-6490. The attack may be initiated remotely. In addition, an exploit is available.

This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-6490 | QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593 GET Request Parameter admin/deletecourse.php ID sql injection

Post correlati

CVE-2024-6963 | Tenda O3 1.0.0.10 formexeCommand cmdinput stack-based overflow

CVE-2025-6331 | PHPGurukul Directory Management System 1.0 search-directory.php searchdata sql injection

CVE-2026-2410 | Disable Admin Notices Plugin up to 1.4.2 on WordPress showPageContent cross-site request forgery

CVE-2026-1415 | GPAC up to 2.4.0 media_export.c gf_media_export_webvtt_metadata Name null pointer dereference (Issue 3428)