Skip to main content

Yoren Chang Media Search Enhanced CVE-2026-23805

HIGH
SQL Injection (CWE-89)
2026-02-19 audit@patchstack.com
7.6
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.6 HIGH
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
Low

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 22:03 vuln.today
CVE Published
Feb 19, 2026 - 09:16 nvd
HIGH 7.6

DescriptionCVE.org

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yoren Chang Media Search Enhanced media-search-enhanced allows SQL Injection.This issue affects Media Search Enhanced: from n/a through <= 0.9.1.

AnalysisAI

SQL injection in Yoren Chang Media Search Enhanced through version 0.9.1 enables unauthenticated remote attackers to execute arbitrary SQL queries and extract sensitive data from the underlying database. With high privileges required for exploitation, an authenticated attacker with administrative access can manipulate SQL commands to compromise data confidentiality while causing minor service disruption. No patch is currently available.

Technical ContextAI

Classified as CWE-89 (SQL Injection). Affects Yoren Chang Media Search Enhanced media-search-enhanced. Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yoren Chang Media Search Enhanced media-search-enhanced allows SQL Injection.This issue affects Media Search Enhanced: from n/a through <= 0.9.1.

Affected ProductsAI

Product: Yoren Chang Media Search Enhanced media-search-enhanced.

RemediationAI

Monitor vendor advisories for a patch. Use parameterized queries. Implement input validation. Restrict network access to the affected service where possible.

Share

CVE-2026-23805 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy