{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-1517", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-01-28T06:31:08.514Z", "datePublished": "2026-02-05T12:02:06.834Z", "dateUpdated": "2026-02-05T12:02:06.834Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-05T12:02:06.834Z"}, "title": "iomad Company Admin Block sql injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "SQL Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-74", "lang": "en", "description": "Injection"}]}], "affected": [{"vendor": "n/a", "product": "iomad", "versions": [{"version": "3.1", "status": "affected"}, {"version": "3.2", "status": "affected"}, {"version": "3.3", "status": "affected"}, {"version": "3.4", "status": "affected"}, {"version": "3.5", "status": "affected"}, {"version": "3.6", "status": "affected"}, {"version": "3.7", "status": "affected"}, {"version": "3.8", "status": "affected"}, {"version": "3.9", "status": "affected"}, {"version": "3.10", "status": "affected"}, {"version": "3.11", "status": "affected"}, {"version": "4.0", "status": "affected"}, {"version": "4.1", "status": "affected"}, {"version": "4.2", "status": "affected"}, {"version": "4.3", "status": "affected"}, {"version": "4.4", "status": "affected"}, {"version": "4.5", "status": "affected"}, {"version": "5.0", "status": "affected"}, {"version": "4.5 LTS", "status": "unaffected"}, {"version": "5.0", "status": "unaffected"}], "modules": ["Company Admin Block"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in iomad up to 5.0. Affected is an unknown function of the component Company Admin Block. Such manipulation leads to sql injection. The attack can be executed remotely. Upgrading to version 4.5 LTS and 5.0 is able to address this issue. You should upgrade the affected component."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.1, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 4.7, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 5.8, "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:OF/RC:C"}}], "timeline": [{"time": "2026-01-18T01:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-01-21T01:00:00.000Z", "lang": "en", "value": "Vendor acknowledged"}, {"time": "2026-01-27T21:29:20.000Z", "lang": "en", "value": "Countermeasure disclosed"}, {"time": "2026-02-05T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-02-05T12:37:32.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Vaibhav Gupta (Appfend Technologies Limited)", "type": "finder"}, {"lang": "en", "value": "VulDB GitHub Analyzer", "type": "tool"}], "references": [{"url": "https://vuldb.com/?id.344487", "name": "VDB-344487 | iomad Company Admin Block sql injection", "tags": ["vdb-entry"]}, {"url": "https://vuldb.com/?ctiid.344487", "name": "VDB-344487 | CTI Indicators (IOB, IOC, TTP)", "tags": ["signature", "permissions-required"]}, {"url": "https://github.com/iomad/iomad/issues/2559", "tags": ["issue-tracking"]}, {"url": "https://github.com/iomad/iomad/issues/2559#issuecomment-3841174677", "tags": ["issue-tracking", "patch"]}, {"url": "https://github.com/iomad/iomad/", "tags": ["product"]}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in iomad up to 5.0. Affected is an unknown function of the component Company Admin Block. Such manipulation leads to sql injection. The attack can be executed remotely. Upgrading to version 4.5 LTS and 5.0 is able to address this issue. You should upgrade the affected component."}], "id": "CVE-2026-1517", "lastModified": "2026-02-05T12:15:59.930", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "MULTIPLE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.1, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "HIGH", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-02-05T12:15:59.930", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/iomad/iomad/"}, {"source": "cna@vuldb.com", "url": "https://github.com/iomad/iomad/issues/2559"}, {"source": "cna@vuldb.com", "url": "https://github.com/iomad/iomad/issues/2559#issuecomment-3841174677"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.344487"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.344487"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{}