Skip to main content

SSCMS CVE-2026-7435

| EUVDEUVD-2026-26437 HIGH
SQL Injection (CWE-89)
2026-04-30 VulnCheck
8.6
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.6 HIGH
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
X

Lifecycle Timeline

6
Re-analysis Queued
Apr 30, 2026 - 21:22 vuln.today
cvss_changed
CVSS changed
Apr 30, 2026 - 21:22 NVD
7.2 (HIGH) 8.6 (HIGH)
Analysis Generated
Apr 30, 2026 - 20:45 vuln.today
EUVD ID Assigned
Apr 30, 2026 - 20:30 euvd
EUVD-2026-26437
Analysis Generated
Apr 30, 2026 - 20:30 vuln.today
CVE Published
Apr 30, 2026 - 20:09 nvd
HIGH 8.6

DescriptionCVE.org

SSCMS v7.4.0 contains a SQL injection vulnerability in the stl:sqlContent tag where the queryString attribute is passed directly to database execution without parameterization or sanitization. Attackers can craft encrypted payloads submitted to the /api/stl/actions/dynamic endpoint to execute arbitrary SQL statements, leading to unauthorized database access, data disclosure, authentication bypass, data modification, or complete database compromise.

AnalysisAI

SQL injection in SSCMS v7.4.0 enables high-privileged attackers to execute arbitrary SQL statements via the stl:sqlContent tag's queryString attribute. Attackers with administrative access can craft encrypted payloads to the /api/stl/actions/dynamic endpoint, bypassing parameterization controls to achieve database compromise, authentication bypass, or complete data exfiltration. EPSS data not available; no confirmed active exploitation (CISA KEV negative); public exploit code availability unknown but detailed technical advisory published by VulnCheck increases weaponization risk.

Technical ContextAI

SSCMS (SiteServer CMS) is a .NET-based content management system maintained by SiteServer. The vulnerability exists in the STL (SiteServer Template Language) templating engine's stl:sqlContent tag, which allows dynamic database queries via the queryString attribute. The flaw arises from insufficient input sanitization before SQL execution - the system accepts encrypted payloads at the /api/stl/actions/dynamic endpoint without proper parameterized query implementation. This is a classic CWE-89 SQL injection vulnerability where user-controlled input flows directly into database commands. The CPE designation cpe:2.3:a:siteserver:sscms:*:*:*:*:*:*:*:* indicates the vulnerability affects the SiteServer SSCMS product line, with version 7.4.0 specifically confirmed vulnerable.

RemediationAI

Upgrade to a patched version of SSCMS beyond v7.4.0 when released by SiteServer; monitor the GitHub repository at https://github.com/siteserver/cms and issue tracker at https://github.com/siteserver/cms/issues/3891 for official vendor response and fix availability. No vendor-released patch version is confirmed in available data at time of analysis. As compensating controls until patch deployment: restrict administrative account access to trusted users only with strong MFA enforcement; audit all existing administrative accounts and disable unused ones; implement database-level query monitoring and alerting for suspicious SQL patterns originating from the SSCMS application user; consider disabling the stl:sqlContent tag functionality in template configurations if not required for production operations (note: this may break existing content features relying on dynamic queries); deploy web application firewall rules to inspect /api/stl/actions/dynamic endpoint traffic for SQL injection patterns, though encrypted payloads may evade signature-based detection; apply principle of least privilege to SSCMS database connection accounts to limit potential damage from successful exploitation.

Share

CVE-2026-7435 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy