Skip to main content

MixPHP Framework CVE-2026-42474

| EUVD-2026-26675 MEDIUM
SQL Injection (CWE-89)
2026-05-01 mitre
PHP SQLi
6.5
CVSS 3.1
Share

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

5
Analysis Generated
May 01, 2026 - 19:23 vuln.today
CVSS changed
May 01, 2026 - 19:22 NVD
6.5 (None) 6.5 (MEDIUM)
EUVD ID Assigned
May 01, 2026 - 16:00 euvd
EUVD-2026-26675
Analysis Generated
May 01, 2026 - 16:00 vuln.today
CVE Published
May 01, 2026 - 00:00 nvd
MEDIUM 6.5

DescriptionNVD

SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted data array to the data function in BuildHelper.php.

AnalysisAI

SQL injection in MixPHP Framework 2.x through 2.2.17 allows unauthenticated remote attackers to read or modify database contents via a crafted data array passed to the data function in BuildHelper.php. The vulnerability has an automatable exploitation path per CISA SSVC but no public exploit code or active KEV listing identified at analysis time. …

Sign in for full analysis, threat intelligence, and remediation guidance.

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Sign in - Free

Share

CVE-2026-42474 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy