CVE-2026-1517

MEDIUM

iomad < 5.0 - SQL Injection in Company Admin Block

Title source: llm

Description

A vulnerability was identified in iomad up to 5.0. Affected is an unknown function of the component Company Admin Block. Such manipulation leads to sql injection. The attack can be executed remotely. It is best practice to apply a patch to resolve this issue.

References (5)

Core 5

Core References

Permissions Required, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.344487

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.344487

Issue Tracking issue-tracking

https://github.com/iomad/iomad/issues/2559

Issue Tracking issue-tracking patch

https://github.com/iomad/iomad/issues/2559#issuecomment-3841174677

Various Sources product

https://github.com/iomad/iomad/

Scores

CVSS v3 4.7

EPSS 0.0027

EPSS Percentile 18.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-74 CWE-89

Status published

Products (18)

n/a/iomad 3.1

n/a/iomad 3.10

n/a/iomad 3.11

n/a/iomad 3.2

n/a/iomad 3.3

n/a/iomad 3.4

n/a/iomad 3.5

n/a/iomad 3.6

n/a/iomad 3.7

n/a/iomad 3.8

... and 8 more

Published Feb 05, 2026

Tracked Since Feb 18, 2026