CVE Catalog

CVE-2026-52673

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.44%

35th percentile — higher than 35% of all known CVEs

Summary

SQL Injection vulnerability in Cboard v.0.4.2 and earlier allows a remote attacker to execute arbitrary code via the getDimensionsValues component.

Risk Assessment

An attacker can gain unauthorized access to the database, steal or modify data, and in extreme cases take over the server.

Recommendation

Immediately update Cboard to the latest available version and apply parameterized SQL queries in the getDimensionsValues component.

Original NVD description (English source)

SQL Injection vulnerability in Cboard v.0.4.2 and before allows a remote attacker to execute arbitrary code via the getDimensionsValues component

Vulnerability data from NVD (NIST) · CISA KEV · EPSS