CVE-2026-12076
Gravedad CVSS v4.0:
CRÍTICA
Tipo:
CWE-89
Neutralización incorrecta de elementos especiales usados en un comando SQL (Inyección SQL)
Fecha de publicación:
30/06/2026
Última modificación:
30/06/2026
Descripción
*** Pendiente de traducción *** Raytha CMS is vulnerable to SQL Injection within the OData filter parsing pipeline. The vulnerability allows a remote, unauthenticated attacker to execute <br />
arbitrary SQL statements against the underlying PostgreSQL database, <br />
leading to full database compromise, including credential extraction.<br />
<br />
Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 1.5.2 but may also affect other versions.
Impacto
Puntuación base 4.0
9.30
Gravedad 4.0
CRÍTICA



