CVE-2026-30995
SQL Injection in Slah CMS vereador_ver.php Endpoint
Publication date: 2026-04-15
Last updated on: 2026-04-15
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| slah_informΓ‘tica | slah_cms | to 1.5.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability is a critical SQL Injection flaw in Slah CMS v1.5.0 and below, allowing unauthenticated remote attackers to inject arbitrary SQL commands via the id parameter in the vereador_ver.php endpoint.
Exploitation can lead to enumeration of database schema information, extraction of sensitive data such as administrative credentials, emails, and password hashes, and overall compromise of database confidentiality and integrity.
Because the vulnerability allows attackers to execute arbitrary SQL queries, it can result in unauthorized data disclosure, data manipulation, and potential disruption of application availability.
Can you explain this vulnerability to me?
Slah CMS version 1.5.0 and earlier contains a SQL injection vulnerability. This vulnerability exists in the vereador_ver.php endpoint and is triggered via the id parameter.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending specially crafted HTTP GET requests to the vereador_ver.php endpoint with SQL injection payloads in the id parameter and analyzing the responses for signs of SQL injection.
Example payloads to test include:
- ?id=-53' UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15-- -
- ?id=-53' UNION SELECT 1,group_concat(table_name SEPARATOR 0x3c62723e),3,4,5,6,7,8,9,10,11,12,13,14,15 FROM information_schema.tables WHERE table_schema=database()-- -
- ?id=-53' UNION SELECT 1,email,3,4,5,6,password,8,9,10,11,12,13,14,15 FROM users-- -
You can use tools like curl or wget to send these requests and inspect the HTTP responses for database error messages or extracted data indicating a successful SQL injection.
Additionally, an automated Perl-based exploit script is available that can enumerate databases, tables, columns, and dump data by sending crafted requests and parsing responses.
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update Slah CMS to the latest patched version released by the vendor on 2026-01-05.
The patch replaces unsafe string concatenation with parameterized queries, ensuring user input is treated strictly as data and preventing SQL injection.
If updating immediately is not possible, consider implementing web application firewall (WAF) rules to block suspicious input patterns targeting the id parameter in vereador_ver.php.
Also, review and restrict access to the vulnerable endpoint and monitor logs for unusual requests containing SQL injection payloads.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
CVE-2026-30995 is a critical SQL Injection vulnerability that allows unauthenticated attackers to extract sensitive data such as administrative credentials and user information from the database of Slah CMS-based governmental websites.
Such unauthorized access and data exfiltration can lead to breaches of confidentiality and integrity of sensitive personal and administrative data, which may result in non-compliance with data protection regulations like GDPR and HIPAA that require safeguarding personal data against unauthorized access.
Therefore, exploitation of this vulnerability could cause affected organizations to violate these common standards and regulations due to exposure of sensitive information and failure to maintain adequate security controls.