Skip to main content

UBB.threads CVE-2026-54222

| EUVDEUVD-2026-37885 HIGH
SQL Injection (CWE-89)
2026-06-18 CERT-PL GHSA-wqx8-qrc6-2wpv
8.6
CVSS 4.0 · Vendor: CERT-PL
Share

Severity by source

Vendor (CERT-PL) PRIMARY
8.6 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.7 MEDIUM

Network-reachable admin UI (AV:N, AC:L), but Members Control Panel access requires high-privilege authentication (PR:H); blind SQLi yields full DB read/write (C:H/I:H) with limited availability impact (A:L).

3.1 AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
4.0 AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N

Primary rating from Vendor (CERT-PL).

CVSS VectorVendor: CERT-PL

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

1
Analysis Generated
Jun 18, 2026 - 13:31 vuln.today

DescriptionCVE.org

UBB.threads is vulnerable to Blind SQL Injection, allowing attackers with access to the Members in Control Panel to interact with the underlying database. Due to insufficient input sanitization, an attacker can extract sensitive information, such as user credentials, by manipulating SQL queries through time-based or boolean-based techniques. Because vendor contact attempts were unsuccessful, the vulnerability has only been confirmed in version 7.7.5 but may also affect other versions.

AnalysisAI

Authenticated blind SQL injection in UBB.threads forum software version 7.7.5 (and likely other versions) allows administrators with access to the Members section of the Control Panel to extract arbitrary database contents, including user credentials, via time-based or boolean-based SQLi techniques. Reported by CERT-PL after unsuccessful vendor contact, with no public exploit identified at time of analysis and no vendor-released patch.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Recon
Obtain Control Panel admin credentials
Delivery
Authenticate to UBB.threads admin UI
Exploit
Navigate to Members management
Install
Inject time/boolean SQL payload into vulnerable parameter
C2
Infer database contents bit-by-bit
Execute
Exfiltrate user credential hashes
Impact
Crack hashes and pivot to broader account takeover

Vulnerability AssessmentAI

Exploitation Attacker must already be authenticated to the UBB.threads Control Panel with privileges sufficient to reach the Members management interface (PR:H in the CVSS 4.0 vector) - this is an administrative area, not a public forum page, so anonymous internet attackers cannot reach the sink directly. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:L) realistically captures the risk: network reachable and low complexity, but PR:H meaningfully constrains who can actually exploit it - only users already holding Control Panel / Members-management privileges. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A disgruntled or compromised forum administrator with Members-area access opens the Members section of the Control Panel, intercepts a search or management request, and feeds time-based payloads through a tool like sqlmap into the vulnerable parameter to dump the users table - including password hashes and email addresses - character-by-character from response delays. Those hashes are then cracked offline and reused against the same admin's other staff to escalate control of the forum, or sold; no public exploit is currently identified, but the bug class is trivially weaponizable with off-the-shelf tooling.
Remediation No vendor-released patch identified at time of analysis, since CERT-PL reports vendor contact attempts were unsuccessful; monitor https://www.ubbcentral.com/ and the CERT-PL advisory at https://cert.pl/en/posts/2026/06/CVE-2026-54219 for an updated build beyond 7.7.5. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all systems running UBB.threads forum software and confirm which versions are deployed, prioritizing identification of version 7.7.5 installations. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-54222 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy