CVE-2026-9065 | brainstormforce Surecart up to 4.2.0 REST API Endpoint integrations model_name/model_id/integration_id/provider sql injection

Inserito da Angelo Barbosa | Mag 20, 2026 | CVE

A vulnerability, which was classified as critical, has been found in brainstormforce Surecart up to 4.2.0. This issue affects some unknown processing of the file /surecart/v1/integrations/ of the component REST API Endpoint. The manipulation of the argument model_name/model_id/integration_id/provider leads to sql injection.

This vulnerability is documented as CVE-2026-9065. The attack can be initiated remotely. There is not any exploit available.

It is advisable to upgrade the affected component.

CVE-2026-9065 | brainstormforce Surecart up to 4.2.0 REST API Endpoint integrations model_name/model_id/integration_id/provider sql injection

Post correlati

CVE-2024-6934 | formtools.org Form Tools 3.1.1 step2.php Form URL cross site scripting

CVE-2025-10384 | yangzongzhuan RuoYi up to 4.8.1 Role cancelAll roleId/userIds improper authorization

CVE-2025-66520 | Foxit pdfonline Portfolio Feature cross site scripting

CVE-2024-13902 | huang-yk student-manage 1.0 Edit a Student Information Page Class cross site scripting (I9UXC4)