Description
C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
Published: 2026-02-09
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized database data exposure
Action: Patch Immediately
AI Analysis

Impact

HGiga's C&Cm@il package contains a SQL injection flaw that permits authenticated remote attackers to inject and run arbitrary SQL statements against the back-end database, potentially disclosing its contents. The flaw stems from user input being incorporated into SQL statements without proper sanitisation or parameterisation, matching CWE-89 (SQL injection). Both published CVSS vectors record a confidentiality impact only (C:H / VC:H with no integrity or availability impact), consistent with the description's read-only outcome.
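As an added illustration (not code from HGiga's olln-base, whose injection point is not public), the following Python/SQLite snippet shows the CWE-89 pattern the analysis describes: a mailbox search that splices an authenticated user's search term into the SQL text, next to the parameterised form. The table names, columns, users and payload are hypothetical and constructed for the demo.

```python
import sqlite3

# Constructed demo schema (hypothetical; not the real C&Cm@il schema).
def setup_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, pw_hash TEXT)")
    con.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, owner_id INTEGER, subject TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        (1, "alice", "$2b$12$aliceHash"),
        (2, "bob", "$2b$12$bobHash"),
    ])
    con.executemany("INSERT INTO messages VALUES (?, ?, ?)", [
        (1, 1, "alice lunch"),
        (2, 2, "bob payroll"),
        (3, 2, "bob contract"),
    ])
    return con


def search_vulnerable(con, user_id, term):
    # CWE-89: the caller's search term is spliced into the statement text, so
    # a quote in `term` ends the LIKE literal and the rest is parsed as SQL.
    sql = ("SELECT subject FROM messages WHERE owner_id = %d AND subject LIKE '%%%s%%'"
           % (user_id, term))
    return [row[0] for row in con.execute(sql)]


def search_fixed(con, user_id, term):
    # Parameterised: the term is bound as data and can never change the
    # statement's structure, whatever characters it contains.
    sql = "SELECT subject FROM messages WHERE owner_id = ? AND subject LIKE ?"
    return [row[0] for row in con.execute(sql, (user_id, "%" + term + "%"))]


# Hypothetical payload an authenticated low-privilege user (alice, id 1) could
# submit as the search term: it closes the LIKE literal, appends a UNION that
# pulls every username and password hash, and comments out the trailing quote.
PAYLOAD = "x%' UNION SELECT username || ':' || pw_hash FROM users --"


if __name__ == "__main__":
    con = setup_db()
    print("legit, fixed   :", search_fixed(con, 1, "lunch"))
    print("payload, vuln  :", sorted(search_vulnerable(con, 1, PAYLOAD)))
    print("payload, fixed :", search_fixed(con, 1, PAYLOAD))
```

With the vulnerable query the UNION returns every row of `users` even though alice's session only entitles her to her own messages; the parameterised query simply finds no subject matching the odd pattern. Note that the attacker only reads data here, matching the published C:H / I:N / A:N vectors, and that what can be read is bounded by the privileges of the database account the application connects with.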

Affected Systems

The flaw affects the HGiga C&Cm@il package olln-base in versions prior to 7.0-978; deployments running those releases are exposed.

Risk and Exploitability

The CVSS v4.0 score is 7.1 (High; vector CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N) and the CVSS v3.1 score is 6.5 (Medium; vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N). Both vectors describe a network-reachable, low-complexity attack that needs low-privilege credentials (PR:L) and no user interaction, with high confidentiality impact and no integrity or availability impact. The EPSS score is below 1 %, suggesting that real-world exploitation is currently rare; the SSVC values recorded on the CVE entry are Exploitation: none and Automatable: no; and the vulnerability is not listed in the CISA KEV catalog. Only users holding valid credentials can exploit the flaw to read database contents. This inference is drawn from the description and the PR:L component of the vectors.

Generated by OpenCVE AI on April 17, 2026 at 21:33 UTC.

Remediation

Vendor Solution

Update package olln-base to version 7.0-978 or later.


OpenCVE Recommended Actions

  • Update the olln-base package to version 7.0‑978 or later, as released by HGiga.
  • Re‑evaluate and constrain the accounts that can log in to C&Cm@il, since exploitation requires valid credentials: remove stale accounts and enforce least‑privilege principles.
  • Restrict the database account the application connects with to the minimum it needs (read‑only where possible, no access to unrelated schemas), because injected SQL runs with that account's privileges; disable direct remote database access unless it is absolutely required for business operations.
  • Continuously monitor application and database logs for unexpected SQL statements, query errors, or request parameters containing quote characters, UNION SELECT or comment sequences that may indicate exploitation attempts.
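For the monitoring recommendation above, here is an added example (not OpenCVE's or HGiga's tooling) that scans constructed web access-log lines for the crude signatures of a UNION-style read injection: a quote followed by a SQL keyword, UNION SELECT, comment terminators, tautologies and time-based functions. The log format, URL paths and user names are invented; the real C&Cm@il endpoints are not public. Regex matching misses encoded or obfuscated payloads, so treat hits as triage leads rather than proof of exploitation.

```python
import re
from urllib.parse import unquote_plus

# Crude indicators, checked against the URL-decoded query string.
SQLI_PATTERNS = [
    re.compile(r"'\s*(union|or|and)\b", re.I),          # quote breakout into a keyword
    re.compile(r"\bunion\s+(all\s+)?select\b", re.I),   # UNION-based data read
    re.compile(r"(--|/\*)"),                            # comment to discard the tail
    re.compile(r"\b(or|and)\s+\d+\s*=\s*\d+", re.I),    # tautology such as "or 1=1"
    re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(", re.I),  # blind/time-based probes
]

# Combined-log-style line (hypothetical format): ip ident user [time] "METHOD target proto" status size
LOG_LINE = re.compile(
    r'^\S+ \S+ (?P<user>\S+) \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample lines; the second and fourth carry injection attempts.
SAMPLE_LOG = [
    '10.0.0.5 - alice [09/Feb/2026:10:01:02 +0000] "GET /mail/search?q=lunch HTTP/1.1" 200 512',
    '10.0.0.5 - alice [09/Feb/2026:10:02:17 +0000] "GET /mail/search?q=x%25%27+UNION+SELECT+username%7C%7Cpw_hash+FROM+users+-- HTTP/1.1" 200 2048',
    '10.0.0.9 - bob [09/Feb/2026:10:03:40 +0000] "GET /mail/search?q=quarterly+report HTTP/1.1" 200 640',
    '10.0.0.9 - bob [09/Feb/2026:10:04:01 +0000] "GET /mail/folder?id=3+or+1%3D1 HTTP/1.1" 200 9000',
]


def sqli_indicators(url_target):
    """Return the indices of SQLI_PATTERNS that match the decoded query string."""
    if "?" not in url_target:
        return []
    query = unquote_plus(url_target.split("?", 1)[1])
    return [i for i, pat in enumerate(SQLI_PATTERNS) if pat.search(query)]


def scan_log(lines):
    """Return (user, target, indicator indices) for each line that looks like injection."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline should count these
        found = sqli_indicators(m.group("target"))
        if found:
            hits.append((m.group("user"), m.group("target"), found))
    return hits


if __name__ == "__main__":
    for user, target, found in scan_log(SAMPLE_LOG):
        print(f"user={user} indicators={found} target={target}")
```

Because the attacker must already hold valid credentials, the `user` field is the most useful output: it tells you which account to suspend or investigate. Pair this with database-side logging of failed statements, since a mis-quoted payload usually produces a syntax error before it produces data.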

Generated by OpenCVE AI on April 17, 2026 at 21:33 UTC.

Advisories

No advisories yet.

History

Tue, 10 Feb 2026 12:45:00 +0000

Type: First Time appeared
  Values Removed: (none)
  Values Added: Hgiga; Hgiga c&cm@il Package Olln-base
Type: Vendors & Products
  Values Removed: (none)
  Values Added: Hgiga; Hgiga c&cm@il Package Olln-base

Mon, 09 Feb 2026 16:15:00 +0000

Type: Metrics
  Values Removed: (none)
  Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 09 Feb 2026 07:45:00 +0000

Type: Description
  Values Removed: (none)
  Values Added: C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.
Type: Title
  Values Removed: (none)
  Values Added: HGiga|C&Cm@il - SQL Injection
Type: Weaknesses
  Values Removed: (none)
  Values Added: CWE-89
Type: References
  Values Removed: (none)
  Values Added: (none)
Type: Metrics
  Values Removed: (none)
  Values Added:
    cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}
    cvssV4_0 {'score': 7.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: twcert

Published:

Updated: 2026-02-09T15:43:12.332Z

Reserved: 2026-02-09T06:08:59.763Z

Link: CVE-2026-2235

Vulnrichment

Updated: 2026-02-09T15:43:03.947Z

NVD

Status: Deferred

Published: 2026-02-09T08:16:12.463

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-2235

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T21:45:28Z

Weaknesses