CVE-2026-42747
CriticalSummary
CVE-2026-42747 describes an improper neutralization of special elements used in SQL commands, leading to a Blind SQL Injection vulnerability in Easy Form Builder. This issue affects versions from n/a through 4.0.6.
Risk Assessment
An attacker could exploit this vulnerability to perform SQL Injection attacks, potentially leading to unauthorized access to database information. This poses a serious threat to the integrity and confidentiality of the organization's data.
Recommendation
It is recommended to update Easy Form Builder to the latest version to mitigate this vulnerability. Additionally, conducting a security audit of the application is advisable to identify other potential weaknesses.
Original NVD description (English source)
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Blind SQL Injection.This issue affects Easy Form Builder: from n/a through <= 4.0.6.

