CVE-2026-3200 | z-9527 admin 1.0/2.0 user.js checkName/register/login/getUser/getUsers sql injection

Inserito da Angelo Barbosa | Feb 25, 2026 | CVE

A vulnerability marked as critical has been reported in z-9527 admin 1.0/2.0. The affected element is the function checkName/register/login/getUser/getUsers of the file /server/controller/user.js. The manipulation leads to sql injection.

This vulnerability is documented as CVE-2026-3200. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-3200 | z-9527 admin 1.0/2.0 user.js checkName/register/login/getUser/getUsers sql injection

Post correlati

CVE-2024-56897 | YI Car Dashcam 3.88 HTTP Server access control

CVE-2025-56401 | ZIRA WBRM 7.0 referenceLookupsByTableNameAndColumnName sql injection

CVE-2024-5397 | itsourcecode Online Student Enrollment System 1.0 instructorSubjects.php instructorId sql injection

CVE-2024-33180 | Tenda AC18 15.03.3.10 saveParentControlInfo deviceId stack-based overflow