GHSA-vvmc-8xvf-rg7jCriticalCVSS 9.8

SQL Injection vulnerability in damasac thaipalliative_lte through version 3.0 allows remote...

Published
June 11, 2026
Last Modified
June 11, 2026

🔗 CVE IDs covered (1)

📋 Description

SQL Injection vulnerability in damasac thaipalliative_lte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php (line 14) and the id parameter (line 49). The parameters are concatenated directly into SQL queries without sanitization or parameterized statements.

🔗 References (4)