CVE-2026-39394 | ci4-cms-erp ci4ms 0.28.5.0/0.31.0.0/0.31.2.0 Setting Install::index crlf injection (GHSA-vfhx-5459-qhqh)

Inserito da Angelo Barbosa | Apr 8, 2026 | CVE

A vulnerability classified as problematic has been found in ci4-cms-erp ci4ms 0.28.5.0/0.31.0.0/0.31.2.0. Affected by this vulnerability is the function Install::index of the component Setting Handler. This manipulation causes crlf injection.

This vulnerability is tracked as CVE-2026-39394. The attack is possible to be carried out remotely. No exploit exists.

It is recommended to upgrade the affected component.

CVE-2026-39394 | ci4-cms-erp ci4ms 0.28.5.0/0.31.0.0/0.31.2.0 Setting Install::index crlf injection (GHSA-vfhx-5459-qhqh)

Post correlati

CVE-2025-7744 | Dolusoft Omaspot prior 12.09.2025 sql injection

CVE-2023-53855 | Linux Kernel up to 6.1.45/6.4.10 net unbind dsa_tag_8021q_unregister assertion

CVE-2025-27614 | j6t gitk up to 2.50.0 os command injection (GHSA-g4v5-fjv9-mhhc)

CVE-2024-5453 | Metagauss ProfileGrid Plugin up to 5.8.6 on WordPress pm_dismissible_notice/pm_wizard_update_group_icon authorization