CVE-2026-2247 – SQL Injection in Clickedu’s SaaS platform

CVE ID : CVE-2026-2247

Published : Feb. 17, 2026, 12:16 p.m. | 42 minutes ago

Description : SQL injection vulnerability (SQLi) in Clicldeu SaaS, specifically in the generation of reports, which occurs when a previously authenticated remote attacker executes a malicious payload in the URL generated after downloading the student’s report card in the ‘Day-to-day’ section from the mobile application.

In the URL of the generated PDF, the session token used does not expire, so it remains valid for days after its generation, and unusual characters can be entered after the ‘id_alu’ parameter, resulting in two types of SQLi: boolean-based blind and time-based blind. Exploiting this vulnerability could allow an attacker to access confidential information in the database.

Severity: 8.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE-2026-2247 – SQL Injection in Clickedu’s SaaS platform

تکمیل ظرفیت سرور لهستان

سرور مناسب برای ترید و ارز دیجیتال

دیتاسنتر جدید در لهستان

سرور های جدید از اسپانیا

AMD EPYC & Ryzen از کشور انگلستان

آفر های جدید AMD EPYC و AMD Ryzen

آفر سرور اختصاصی از آمریکا

افزایش قیمت دامنه های ir از ۳۱ خرداد

افزایش قیمت جهانی دامنه .com

آفر های جدید سرور اختصاصی مرداد 1403

CVE-2026-2615 – Wavlink WL-NU516U1 firewall.cgi singlePortForwardDelete command injection

سرور های جدید از روسیه-وارز

تخفیف ویژه دامنه .ASIA

ثبت دامنه .IO

انتقال رایگان پسوند دامنه PW

Kerio Control 9.2.4 Build 2223

نوشته های مشابه

CVE-2026-22208 – OpenS100 Portrayal Engine Unrestricted Lua Standard Library Access

CVE-2026-25087 – Apache Arrow: Potential use-after-free when reading IPC file with pre-buffering

CVE-2026-23861 – Dell Unisphere for PowerMax Cross-site Scripting

CVE-2025-7706 – Improper Access Control in TUBITAK BILGEM’s Liderahenk