CVE-2026-42425

HIGH

OpenKM 6.3.12 Unrestricted SQL Execution via DatabaseQuery

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-42425. PoCs published by skumar.

AI-analyzed exploit summary This exploit demonstrates multiple vulnerabilities in OpenKM, including LFI, RCE, and SQLi. It leverages the admin scripting interface to execute arbitrary commands and read files, and exploits unrestricted SQL queries to dump user credentials.

Description

OpenKM 6.3.12 contains an unrestricted SQL execution vulnerability that allows authenticated administrative users to execute arbitrary SQL statements against the application database via the DatabaseQuery interface. Attackers can submit malicious SQL queries through the qs parameter to the /admin/DatabaseQuery endpoint to extract sensitive data including usernames and password hashes from the OKM_USER table, modify permissions, or delete database records.

Exploits (1)

exploitdb WORKING POC

by skumar · pythonwebappsmultiple

https://www.exploit-db.com/exploits/52520

View Code ZIP pw:eip

This exploit demonstrates multiple vulnerabilities in OpenKM, including LFI, RCE, and SQLi. It leverages the admin scripting interface to execute arbitrary commands and read files, and exploits unrestricted SQL queries to dump user credentials.

Classification

Working Poc 95%

Attack Type

Rce | Sqli | Info Leak

Complexity

Moderate

Reliability

Reliable

Target: OpenKM Community Edition 6.3.12 and OpenKM Pro Edition 7.1.47 and previous versions

Auth required

Prerequisites: valid credentials (default or provided) · access to admin interfaces

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution T1005 - Data from Local System T1552 - Unsecured Credentials

devstral-2 · analyzed May 26, 2026 Full analysis →

References (7)

Core 7

Core References

Exploit exploit

ExploitDB-52520

https://www.exploit-db.com/exploits/52520

Product product

Official Product Homepage

https://www.openkm.com/

Product product

Product Reference

https://hub.docker.com/r/openkm/openkm-ce

Vendor Advisory vendor-advisory

Vulnerability Advisory

https://terrasystemlabs.com/post?slug=openkm-zero-day-vulnerabilities-terra-system-labs

Product product

Proof-of-Concept Toolkit

https://github.com/terrasystemlabs/Exploits/tree/main/OpenKM-Exploits

Product product

Nuclei Detection Template

https://github.com/terrasystemlabs/Exploits/tree/main/OpenKM-Exploits/nuclei-templates/openkm-sql-database-query

Third Party Advisory third-party-advisory

VulnCheck Advisory: OpenKM 6.3.12 Unrestricted SQL Execution via DatabaseQuery

https://www.vulncheck.com/advisories/openkm-unrestricted-sql-execution-via-databasequery

Scores

CVSS v3 7.2

EPSS 0.0064

EPSS Percentile 45.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-89

Status published

Products (2)

Openkm/OpenKM Community Edition < 6.3.12

Openkm/OpenKM Professional Edition < 7.1.47

Published May 26, 2026

Tracked Since May 26, 2026