CVE-2026-6562

HIGH

dameng100 muucmf index.html getListByPage sql injection

Title source: cna

Description

A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is the function getListByPage of the file /index/Search/index.html. Executing a manipulation of the argument keyword can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

References (4)

Scores

CVSS v3 7.3
EPSS 0.0003
EPSS Percentile 8.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

CWE
CWE-74 CWE-89
Status published
Products (1)
dameng100/muucmf 1.9.5.20260309
Published Apr 19, 2026
Tracked Since Apr 19, 2026