What is GHSA-2445-qj53-662g?

GHSA-2445-qj53-662g is a security advisory published by GitHub Security Advisories with High severity. OpenKM 6.3.12 contains an unrestricted SQL execution vulnerability that allows authenticated...

Which CVE IDs does GHSA-2445-qj53-662g cover?

GHSA-2445-qj53-662g covers the following CVE IDs: CVE-2026-42425. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-2445-qj53-662g?

GHSA-2445-qj53-662g has a CVSS v3 base score of 7.2, published by GitHub Security Advisories.

GHSA-2445-qj53-662gHighCVSS 7.2

OpenKM 6.3.12 contains an unrestricted SQL execution vulnerability that allows authenticated...

Vendor

GitHub Security Advisories

Published

May 26, 2026

Last Modified

May 26, 2026

🔗 CVE IDs covered (1)

CVE-2026-42425 →

📋 Description

OpenKM 6.3.12 contains an unrestricted SQL execution vulnerability that allows authenticated administrative users to execute arbitrary SQL statements against the application database via the DatabaseQuery interface. Attackers can submit malicious SQL queries through the qs parameter to the /admin/DatabaseQuery endpoint to extract sensitive data including usernames and password hashes from the OKM_USER table, modify permissions, or delete database records.

🔗 References (9)

https://nvd.nist.gov/vuln/detail/CVE-2026-42425
https://github.com/terrasystemlabs/Exploits/tree/main/OpenKM-Exploits
https://github.com/terrasystemlabs/Exploits/tree/main/OpenKM-Exploits/nuclei-templates/openkm-sql-database-query
https://hub.docker.com/r/openkm/openkm-ce
https://terrasystemlabs.com/post?slug=openkm-zero-day-vulnerabilities-terra-system-labs
https://www.exploit-db.com/exploits/52520
https://www.openkm.com
https://www.vulncheck.com/advisories/openkm-unrestricted-sql-execution-via-databasequery
https://github.com/advisories/GHSA-2445-qj53-662g