Description
SQL Injection in MuuCMF T6 v1.9.4.20260115 allows an unauthenticated attacker to compromise the entire database, achieve unauthorized administrative access, and potentially gain remote code execution by writing malicious files to the server's file system via the keyword parameter in the /index/controller/Search.php endpoint.
Published: 2026-05-11
Score: 7.3 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An unauthenticated attacker can exploit a SQL injection flaw in the keyword parameter of the /index/controller/Search.php endpoint of MuuCMF T6 v1.9.4.20260115. The flaw permits arbitrary SQL commands to be executed against the database, enabling a complete dump or modification of the database, elevation to administrative privileges, and writing of malicious files to the server’s file system, which can culminate in remote code execution.

Affected Systems

MuuCMF T6 v1.9.4.20260115 (the affected version is only the one listed; no other versions are documented).

Risk and Exploitability

The EPSS score is below 1%, indicating a very low probability of exploitation, and the vulnerability is not listed in KEV. The attack path is simple: an unauthenticated HTTP request with a crafted keyword value triggers the injection. Because the endpoint accepts user input without proper sanitization, the attacker can control the SQL statement. The CVSS score of 7.3 indicates a high severity level. The potential damage ranges from full database compromise to remote code execution, making the risk very high. The exploitation does not require prior authentication or special network access beyond reaching the vulnerable endpoint.

Generated by OpenCVE AI on May 12, 2026 at 22:27 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s patch or upgrade to the latest MuuCMF T6 release that fixes the SQL injection in Search.php.
  • Implement input validation or switch to prepared statements for all database queries, especially the keyword parameter.
  • Restrict the database user’s privileges to the minimum required for the application and disable file write permissions for the web server if they are not needed.

Generated by OpenCVE AI on May 12, 2026 at 22:27 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 12 May 2026 22:45:00 +0000

Type Values Removed Values Added
Title Unauthenticated SQL Injection in MuuCMF T6 Enables Full Database Compromise and Potential Remote Code Execution

Tue, 12 May 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 12 May 2026 09:30:00 +0000

Type Values Removed Values Added
First Time appeared Dameng100
Dameng100 muucmf
Vendors & Products Dameng100
Dameng100 muucmf

Mon, 11 May 2026 18:45:00 +0000

Type Values Removed Values Added
Title Unauthenticated SQL Injection in MuuCMF T6 Enables Full Database Compromise and Potential Remote Code Execution
Weaknesses CWE-89

Mon, 11 May 2026 17:30:00 +0000

Type Values Removed Values Added
Description SQL Injection in MuuCMF T6 v1.9.4.20260115 allows an unauthenticated attacker to compromise the entire database, achieve unauthorized administrative access, and potentially gain remote code execution by writing malicious files to the server's file system via the keyword parameter in the /index/controller/Search.php endpoint.
References

Subscriptions

Dameng100 Muucmf
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-12T19:21:51.684Z

Reserved: 2026-04-06T00:00:00.000Z

Link: CVE-2026-36962

cve-icon Vulnrichment

Updated: 2026-05-12T19:21:38.716Z

cve-icon NVD

Status : Deferred

Published: 2026-05-11T18:16:32.483

Modified: 2026-05-12T20:16:39.590

Link: CVE-2026-36962

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-12T22:30:05Z

Weaknesses