Skip to main content

Easyreport

1 CVEs product

Monthly

CVE-2026-9524 MEDIUM This Month

SQL injection in xianrendzw EasyReport up to version 2.0.17.0522_Beta exposes authenticated remote attackers a path to query manipulation via the `reportParams` argument in the REST Endpoint's `execute` function. The CVSS 4.0 score of 5.3 reflects a low-privilege authenticated requirement with partial impact across confidentiality, integrity, and availability - meaning data exfiltration, record tampering, and limited availability disruption are all within scope. No public exploit has been confirmed and no vendor patch exists, as the vendor did not respond to coordinated disclosure; EPSS at 0.03% (8th percentile) corroborates low current exploitation interest.

SQLi Easyreport
NVD VulDB GitHub
CVSS 4.0
5.3
EPSS
0.0%
EPSS 0% CVSS 5.3
MEDIUM This Month

SQL injection in xianrendzw EasyReport up to version 2.0.17.0522_Beta exposes authenticated remote attackers a path to query manipulation via the `reportParams` argument in the REST Endpoint's `execute` function. The CVSS 4.0 score of 5.3 reflects a low-privilege authenticated requirement with partial impact across confidentiality, integrity, and availability - meaning data exfiltration, record tampering, and limited availability disruption are all within scope. No public exploit has been confirmed and no vendor patch exists, as the vendor did not respond to coordinated disclosure; EPSS at 0.03% (8th percentile) corroborates low current exploitation interest.

SQLi Easyreport
NVD VulDB GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy