Description
OpenCATS through 0.9.7.4 contains a SQL injection vulnerability in the sortDirection parameter of the DataGrid component that allows authenticated users to extract database contents. Attackers can inject malicious SQL via the sortDirection parameter in ajax/getDataGridPager.php to perform time-based blind injection attacks and read sensitive data.
Published: 2026-05-31
Score: 8.4 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenCATS up through version 0.9.7.4 contains a SQL injection flaw in the sortDirection parameter of its DataGrid component. An attacker who is already authenticated can supply malicious SQL code through the ajax/getDataGridPager.php endpoint, enabling blind, time‑based injection that can extract sensitive database contents. The weakness, identified as CWE‑89, directly compromises data confidentiality but does not provide immediate code execution or DoS capabilities.

Affected Systems

The vulnerability affects all OpenCATS installations up to and including version 0.9.7.4, and materially impacts any instance whose database holds sensitive campaign, applicant, or customer data.

Risk and Exploitability

With a CVSS score of 8.4, the flaw is rated high severity. Exploitation requires legitimate user credentials, so an attacker must obtain or bypass authentication before reaching the injection point. The EPSS score is currently not available and the vulnerability is not catalogued in the CISA KEV list, but despite the authentication requirement the high CVSS score still reflects a significant risk of data exposure in environments where credentials are compromised or where user accounts carry broad privileges.

Generated by OpenCVE AI on May 31, 2026 at 13:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenCATS to version 0.9.7.5 or later where the sortDirection parameter has been properly validated and parameterized.
  • If an upgrade is not immediately possible, sanitize user-supplied values for sortDirection by allowing only "ASC" or "DESC" strings and rejecting or escaping all other inputs.
  • Enforce strict role‑based access controls to limit authenticated users who can invoke the DataGrid query, thereby reducing the attack surface for the injection vulnerability.
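The second recommended action above, restricting sortDirection to the two literals "ASC" and "DESC", is the standard mitigation for an injectable ORDER BY clause, because sort direction and column names cannot be bound as prepared-statement parameters. The following is an added illustration written for this page, not OpenCATS project code: it keeps an allowlist for both the direction and the sort column so that no request bytes ever reach the SQL string. The function names, the column allowlist, and the sample request values are all constructed for the example.

```php
<?php
// Added example (not OpenCATS code): allowlist validation for the ORDER BY
// direction and column. Function names, $allowedColumns and the sample
// requests below are assumptions made for illustration.

declare(strict_types=1);

/**
 * Return exactly 'ASC' or 'DESC'; anything else is rejected.
 * Matching is case-insensitive after trimming, but the value returned is
 * always one of the two literals, never the caller's own string.
 */
function normalizeSortDirection(string $direction): string
{
    $normalized = strtoupper(trim($direction));
    if ($normalized === 'ASC' || $normalized === 'DESC') {
        return $normalized;
    }
    throw new InvalidArgumentException('sortDirection must be ASC or DESC');
}

/**
 * Map a user-supplied sort key to a known column identifier.
 * Identifiers cannot be bound as parameters, so an allowlist keyed by
 * the request value is the only safe way to choose the column.
 */
function resolveSortColumn(string $sortBy, array $allowedColumns): string
{
    if (!array_key_exists($sortBy, $allowedColumns)) {
        throw new InvalidArgumentException('unknown sortBy value');
    }
    return $allowedColumns[$sortBy];
}

/**
 * Build the ORDER BY clause from validated pieces only. The returned
 * string contains nothing copied from the request.
 */
function buildOrderBy(string $sortBy, string $direction, array $allowedColumns): string
{
    $column = resolveSortColumn($sortBy, $allowedColumns);
    $dir    = normalizeSortDirection($direction);
    return sprintf('ORDER BY %s %s', $column, $dir);
}

// Constructed allowlist: request key => backing column (assumed names).
$allowedColumns = [
    'lastName'    => 'candidate.last_name',
    'dateCreated' => 'candidate.date_created',
];

// Constructed request values: two valid, two that must be refused.
$requests = [
    ['sortBy' => 'lastName',    'sortDirection' => 'asc'],
    ['sortBy' => 'dateCreated', 'sortDirection' => 'DESC'],
    ['sortBy' => 'lastName',    'sortDirection' => 'DESC, 1'],
    ['sortBy' => 'password',    'sortDirection' => 'ASC'],
];

foreach ($requests as $req) {
    try {
        $clause = buildOrderBy($req['sortBy'], $req['sortDirection'], $allowedColumns);
        echo "accepted: {$clause}\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected: {$e->getMessage()}\n";
    }
}
```

The first two requests produce `ORDER BY candidate.last_name ASC` and `ORDER BY candidate.date_created DESC`; the last two are rejected before any SQL is assembled. Page size and offset for the pager should still be bound as integer parameters of a prepared statement rather than concatenated. For detection while a fix is pending, any sortDirection value other than ASC or DESC in the web server logs for ajax/getDataGridPager.php is a clear signal worth alerting on.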


Advisories

No advisories yet.

History

Sun, 31 May 2026 12:30:00 +0000

Type | Values Removed | Values Added
Description | | OpenCATS through 0.9.7.4 contains a sql injection vulnerability in the sortDirection parameter of the DataGrid component that allows authenticated users to extract database contents. Attackers can inject malicious SQL via the sortDirection parameter in ajax/getDataGridPager.php to perform time-based blind injection attacks and read sensitive data.
Title | | OpenCATS - SQL Injection in DataGrid sortDirection Parameter
First Time appeared | | Opencats; Opencats opencats
Weaknesses | | CWE-89
CPEs | | cpe:2.3:a:opencats:opencats:*:*:*:*:*:*:*:*
Vendors & Products | | Opencats; Opencats opencats
References | |
Metrics | | cvssV3_1: {'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L'}; cvssV4_0: {'score': 8.4, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:L/SC:H/SI:N/SA:L'}


Subscriptions

Opencats Opencats
MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-31T12:04:48.034Z

Reserved: 2026-05-31T11:54:34.993Z

Link: CVE-2026-49489

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-05-31T13:16:49.090

Modified: 2026-05-31T13:16:49.090

Link: CVE-2026-49489

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-31T13:30:03Z

Weaknesses