CVE-2026-6489 | QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593 Background Management Page admin/addteacher.php image unrestricted upload

A vulnerability labeled as critical has been found in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This issue affects some unknown processing of the file admin/addteacher.php of the component Background Management Page. The manipulation of the argument image results in unrestricted upload.

This vulnerability is reported as CVE-2026-6489. The attack can be launched remotely. Moreover, an exploit is present.

This product does not use versioning. This is why information about affected and unaffected releases are unavailable.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-6489 | QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593 Background Management Page admin/addteacher.php image unrestricted upload

Post correlati

CVE-2026-1007 | Devolutions Server up to 2025.3.12 authorization (DEVO-2026-0003)

CVE-2025-15466 | Image Photo Gallery Final Tiles Grid Plugin up to 3.6.9 on WordPress authorization

CVE-2026-32261 | Webhooks Plugin up to 3.1.x on Craftcms That Call renderString special elements used in a template engine (GHSA-8wg7-wm29-2rvg)

CVE-2025-69426 | RUCKUS vRIoT IOT Controller up to 2.x SSH Service permission assignment