CVE Catalog
CVE-2026-42475
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk0.20%
10th percentile - higher than 10% of all known CVEs
Summary
SQL injection vulnerability in MixPHP Framework versions 2.x through 2.2.17. The flaw exists in the joinOn function in BuildHelper.php, where the `on` array is improperly handled, allowing SQL code injection.
Risk Assessment
An attacker can exploit this vulnerability to execute unauthorized SQL queries, potentially leading to data leakage, modification, or deletion in the database.
Recommendation
Immediately upgrade MixPHP Framework to a version later than 2.2.17 that includes a fix for the SQL injection vulnerability.
Original NVD description (English source)
SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted `on` array to the joinOn function in BuildHelper.php.

