CVE-2026-38581 – Damasac thaipalliative_lte SQL Injection

CVE ID :CVE-2026-38581

Published : June 11, 2026, 2:16 p.m. | 1 hour, 3 minutes ago

Description :SQL Injection vulnerability in damasac thaipalliative_lte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php (line 14) and the id parameter (line 49). The parameters are concatenated directly into SQL queries without sanitization or parameterized statements.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-9648 – CVE-2026-9648

CVE-2026-7870 – IBM i is Affected by Privilege Escalation []

CVE-2026-7787 – Unauthenticated Session History Access via Public Flow Execution

CVE-2026-53777 – Perry < 0.5.1159 Path Traversal via ArtifactReady WebSocket