← voltar
CVE-2026-1432

SQL injection (SQLi) on the Buroweb platform

CVSS 9.3 CRITICALEPSS 0.3%CWE-89
Vexday Risk Score
28Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 9.3EPSS 0.3%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
03 fev 2026Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
SQL injection vulnerability in the Buroweb platform version 2505.0.12, specifically in the 'tablon' component. This vulnerability is present in several parameters that do not correctly sanitize user input in the endpoint '/sta/CarpetaPublic/doEvent?APP_CODE=STA&PAGE_CODE=TABLON'. Exploiting this vulnerability could allow an attacker to execute queries on the database and gain access to confidential information.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:N/SA:L
Produtos afetados
T-Systems · Buroweb