CVE-2026-51946
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk26th percentile — higher than 26% of all known CVEs
Summary
SQL Injection vulnerability in GoAdminGroup GoAdmin (last release v1.2.26) allows a remote attacker to execute arbitrary code and obtain sensitive information via the __sort_type URL parameter on all /admin/info/{table} endpoints.
Risk Assessment
An attacker can exfiltrate database contents, including credentials and sensitive data, and potentially gain full control over the server.
Recommendation
Immediately update GoAdmin to the latest patched version or apply temporary mitigations such as input validation and sanitization of the __sort_type parameter.
Original NVD description (English source)
SQL Injection vulnerability in GoAdminGroup GoAdmin (last release v1.2.26) allows a remote attacker to execute arbitrary code and obtain sensitive information via the the __sort_type URL parameter on all /admin/info/{table} endpoints

