CRITICAL🇵🇱 Wersja polska

CVE-2026-3325

CVSS 10.0v4.0pub. 2026-04-29upd. 2026-05-19

SQL injection (SQLi) in MegaCMS v12.0.0, specifically in the “id_territorio” parameter of the “/web_comunications/cms/get_provincias” endpoint. The vulnerability arises from inadequate validation and sanitisation of user input. Specifically, via a POST request, the “id_territorio” parameter, used immediately after the registration form is submitted, could be manipulated by an unauthenticated attacker to execute arbitrary SQL queries.

🤖 AI Analysis
How it works

The vulnerability results from insufficient validation and sanitization of user-supplied input data. Through a POST request to the endpoint "/web_comunications/cms/get_provincias", an attacker can manipulate the value of the "id_territorio" parameter, which is processed directly after the registration form submission. This parameter is passed to the SQL query without proper sanitization, enabling malicious SQL code injection. The attack requires no authentication or interaction from other users.

Impact

An attacker can execute arbitrary SQL queries on the system database, which may lead to unauthorized data reading, modification, or deletion, and in certain configurations may also result in takeover of database system control. The vulnerability also enables authentication mechanism bypass (Auth Bypass).

Mitigation & patch

Patches available from the vendor should be applied in accordance with the references. Until the fix is implemented, it is recommended to restrict network access to the vulnerable endpoint "/web_comunications/cms/get_provincias" and implement firewall / WAF rules blocking SQL injection attempts.

Who is affected

MegaCMS version 12.0.0 (vendor: CRM Sistemas de Fidelización)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLiAuth Bypass
CWE
References