EUVD-2026-20051
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3Tags
Description
SQL Injection vulnerability exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability is exploited, information stored in the database may be obtained or altered by a user who can log in to the product.
Analysis
SQL injection in MATCHA INVOICE 2.6.6 and earlier allows authenticated users with low-level privileges to extract or modify database contents via network access. With CVSS 8.8 (High severity), low attack complexity, and no user interaction required, authenticated attackers can achieve full confidentiality, integrity, and availability impact on the application database. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all MATCHA INVOICE deployments and identify versions running 2.6.6 or earlier; notify stakeholders of high-severity risk exposure. Within 7 days: Implement database access logging and monitor for suspicious SQL activity; restrict low-privilege account permissions where operationally feasible; segment MATCHA INVOICE network access to limit lateral movement. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today