CVE Catalog

CVE-2026-54809

CriticalCVSS 9.3
Published: Updated: Translated: NVD NIST

Summary

CVE-2026-54809 describes an improper neutralization of special elements used in SQL commands, allowing for Blind SQL Injection in the VillaTheme GIFT4U application.

Risk Assessment

An attacker could exploit this vulnerability to gain unauthorized access to database information, potentially leading to serious security breaches.

Recommendation

It is recommended to update to the latest version of GIFT4U and implement appropriate security measures against SQL Injection attacks.

Original NVD description (English source)

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VillaTheme GIFT4U allows Blind SQL Injection. This issue affects GIFT4U: from n/a through 1.0.10.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS