Phishing Club

1 CVE

CVE-2026-28226 MEDIUM POC PATCH This Month

SQL injection in Phishing Club's GetOrphaned recipient endpoint allows authenticated attackers to manipulate ORDER BY clauses by injecting malicious SQL expressions through an unvalidated sortBy parameter. Versions prior to 1.30.2 are affected, and public exploit code exists for this vulnerability. Attackers can extract sensitive data; there is no direct integrity or availability impact. The vulnerability has been patched in v1.30.2 through implementation of column allowlist validation.

SQLi Phishing Club
NVD GitHub
CVSS 3.1: 6.5
EPSS: 0.0%
