Description
SSCMS v7.4.0 contains a SQL injection vulnerability in the stl:sqlContent tag where the queryString attribute is passed directly to database execution without parameterization or sanitization. Attackers can craft encrypted payloads submitted to the /api/stl/actions/dynamic endpoint to execute arbitrary SQL statements, leading to unauthorized database access, data disclosure, authentication bypass, data modification, or complete database compromise.
Published: 2026-04-30
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw resides in the stl:sqlContent tag of SSCMS version 7.4.0 where the queryString attribute is forwarded directly to the database without any form of sanitization or parameterization. This omission allows an attacker to craft an encrypted payload that is passed to the /api/stl/actions/dynamic endpoint and to execute arbitrary SQL statements. The outcome is the possibility of unauthorized database access, data disclosure, authentication bypass, data modification, or full database compromise, reflecting a classic SQL Injection weakness (CWE‑89).

Affected Systems

The only product and version marked as vulnerable are Siteserver’s SSCMS 7.4.0. No other releases are listed as affected, so the risk is limited to deployments running that exact CMS version.

Risk and Exploitability

The CVSS score of 8.6 classifies the vulnerability as high severity. The EPSS score is not available, so the exact likelihood of exploitation remains uncertain. Because the injection occurs through the /api/stl/actions/dynamic HTTP endpoint, it is inferred that attackers can remotely exploit the flaw by submitting crafted requests. The vulnerability is not listed in the CISA KEV catalog, indicating it has not yet appeared in known exploit sets but remains potentially exploitable if the endpoint remains reachable to untrusted users.

Generated by OpenCVE AI on May 2, 2026 at 00:17 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade SSCMS to the newest release that contains the fix for the stl:sqlContent injection issue.
  • Limit or block access to the /api/stl/actions/dynamic endpoint for unauthenticated or untrusted traffic, or enforce strict firewall rules to restrict request sources.
  • Apply input validation and ensure all database interactions use parameterized queries; enable database auditing to detect suspicious activity.

Generated by OpenCVE AI on May 2, 2026 at 00:17 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 04 May 2026 14:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 01 May 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Siteserver
Siteserver sscms
Vendors & Products Siteserver
Siteserver sscms

Thu, 30 Apr 2026 20:30:00 +0000

Type Values Removed Values Added
Description SSCMS v7.4.0 contains a SQL injection vulnerability in the stl:sqlContent tag where the queryString attribute is passed directly to database execution without parameterization or sanitization. Attackers can craft encrypted payloads submitted to the /api/stl/actions/dynamic endpoint to execute arbitrary SQL statements, leading to unauthorized database access, data disclosure, authentication bypass, data modification, or complete database compromise.
Title SSCMS v7.4.0 SQL Injection via stl:sqlContent queryString
Weaknesses CWE-89
References
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Siteserver Sscms
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-04T13:24:44.833Z

Reserved: 2026-04-29T15:22:42.018Z

Link: CVE-2026-7435

cve-icon Vulnrichment

Updated: 2026-05-04T13:24:32.923Z

cve-icon NVD

Status : Deferred

Published: 2026-04-30T21:16:34.100

Modified: 2026-05-04T14:16:36.650

Link: CVE-2026-7435

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-02T00:30:16Z

Weaknesses