CVE-2026-5577
SQL Injection in Song-Li cross_browser Endpoint Enables Remote Attack
Publication date: 2026-04-05
Last updated on: 2026-04-30
Assigner: VulDB
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| songli | cross_browser_fingerprinting | to 2022-01-17 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-5577 is a SQL Injection vulnerability found in the legacy MySQL backend of the cross_browser project, specifically in the `/details` endpoint handled by the file `flask/uniquemachine_app.py`.
The vulnerability occurs because the application reads an `ID` value from a JSON POST request and directly concatenates it into a SQL SELECT query without any parameterization or escaping. This allows an attacker to manipulate the SQL query by sending crafted input.
For example, an attacker can send a JSON payload like `{"ID": "' OR 1=1 # "}` which causes the backend to execute a query that returns all rows from the database table instead of filtering by a specific fingerprint.
No authentication or authorization is required to exploit this vulnerability, and the attack can be executed remotely by sending HTTP POST requests to the vulnerable endpoint.
How can this vulnerability impact me?
This vulnerability can have several impacts:
- Confidentiality: High risk as attackers can retrieve unintended data from the database and potentially exfiltrate sensitive information depending on database permissions.
- Integrity: Low to Medium risk since the vulnerable code only performs SELECT queries, but the impact could increase if the attacker manages to execute write-capable or stacked queries.
- Availability: Low to Medium risk because attackers can perform time-based or expensive queries that degrade the service performance.
- Scope: The vulnerability does not change the scope of the affected components.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending crafted HTTP POST requests with JSON payloads to the `/details` endpoint of the legacy backend (`flask/uniquemachine_app.py`) and observing the response for SQL injection behavior.
A common detection method is to send a JSON payload such as `{"ID": "' OR 1=1 # "}` to the `/details` endpoint and check if the response returns all rows from the database instead of filtering by a specific ID.
Example curl command to test the vulnerability (the JSON body is double-quoted so that the single quote and `#` inside it reach the server instead of being interpreted by the shell):

```shell
curl -X POST -H "Content-Type: application/json" -d "{\"ID\": \"' OR 1=1 # \"}" "http://<target-host>/details"
```
If the response contains data that should normally be filtered, this indicates the presence of the SQL injection vulnerability.
Additionally, monitoring network traffic for POST requests to `/details` with JSON bodies containing suspicious SQL syntax or unusual input patterns can help detect exploitation attempts.
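One way to implement the monitoring described above, as an added example that is not code from the cross_browser project: it reviews request records and flags `/details` POST bodies whose `ID` falls outside an allowlisted format. The ID format, the record layout and the sample records are assumptions constructed for illustration.

```python
import json
import re

# Assumption: legitimate fingerprint IDs are short alphanumeric tokens.
# Adjust the allowlist to the format your deployment actually issues.
EXPECTED_ID = re.compile(r"[A-Za-z0-9]{1,64}")


def review_request(method, path, body):
    """Return a reason string if a request to /details looks abnormal, else None."""
    if method != "POST" or path.split("?", 1)[0] != "/details":
        return None  # not the endpoint this CVE concerns
    try:
        doc = json.loads(body)
    except ValueError:
        return "body is not valid JSON"
    if not isinstance(doc, dict) or "ID" not in doc:
        return "no ID field"
    value = doc["ID"]
    if not isinstance(value, str):
        return "ID is not a string"
    if not EXPECTED_ID.fullmatch(value):
        return "ID outside expected format: %r" % value
    return None


# Constructed sample records (method, path, body); not taken from real traffic.
SAMPLE = [
    ("POST", "/details", '{"ID": "a1b2c3"}'),
    ("POST", "/details", '{"ID": "\' OR 1=1 # "}'),
    ("POST", "/details", '{"ID": 7}'),
    ("GET", "/details", ""),
    ("POST", "/health", '{"ID": "zzz"}'),
]


def flagged(records):
    """Return (index, reason) for every record that should be looked at."""
    hits = []
    for i, rec in enumerate(records):
        reason = review_request(*rec)
        if reason is not None:
            hits.append((i, reason))
    return hits


if __name__ == "__main__":
    for index, reason in flagged(SAMPLE):
        print(index, reason)
```

An allowlist on the expected ID format catches malformed input in general, which is more robust than matching individual SQL keywords.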
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
- Avoid deploying, or disable, the vulnerable legacy backend `flask/uniquemachine_app.py` that handles the `/details` endpoint.
- Restrict access to the `/details` endpoint to trusted users and networks only, for example by using network-level controls or firewall rules.
- Place the service behind application firewalls or reverse proxies that can detect and block SQL injection payloads.
- Use database accounts with minimal privileges to limit the impact of any successful injection.
- If possible, switch to the non-SQL experimental backend or apply patches that use parameterized queries instead of string concatenation.
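The last mitigation, shown as an added example rather than the project's own code: the concatenated query string the advisory describes beside a parameterized lookup. The table name, column names and sample rows are assumptions, and SQLite stands in for the MySQL backend so the block runs offline.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the fingerprint table (names are assumptions)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE features (id TEXT PRIMARY KEY, agent TEXT)")
    db.executemany(
        "INSERT INTO features VALUES (?, ?)",
        [("a1b2c3", "Firefox"), ("d4e5f6", "Chrome")],
    )
    return db


def build_query_concat(fingerprint_id):
    """The flawed pattern: the request value becomes part of the SQL text."""
    return "SELECT * FROM features WHERE id = '" + fingerprint_id + "'"


def details_parameterized(db, fingerprint_id):
    """Hardened lookup: the value is sent as a bound parameter, never as SQL.

    sqlite3 uses '?' placeholders; MySQL drivers such as PyMySQL use '%s'
    with the same (sql, params) calling convention.
    """
    if not isinstance(fingerprint_id, str):
        raise ValueError("ID must be a string")
    cur = db.execute(
        "SELECT id, agent FROM features WHERE id = ?", (fingerprint_id,)
    )
    return cur.fetchall()


PAYLOAD = "' OR 1=1 # "  # the value quoted in the text above

if __name__ == "__main__":
    db = make_db()
    # The WHERE clause is rewritten by the input itself:
    print(build_query_concat(PAYLOAD))
    # With binding, the same input is just an ID that matches nothing:
    print(details_parameterized(db, "a1b2c3"))
    print(details_parameterized(db, PAYLOAD))
```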
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
This SQL Injection vulnerability allows attackers to retrieve unintended data from the database, potentially leading to unauthorized access to sensitive information.
Such unauthorized data access can result in breaches of confidentiality, which may violate data protection regulations like GDPR and HIPAA that require safeguarding personal and sensitive data.
Because the vulnerability enables data exfiltration without authentication, it increases the risk of non-compliance with standards mandating strict access controls and data security measures.