CVE-2026-36962
SQL Injection in MuuCMF T6 v1.9.4.20260115
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| beijing_huomu_technology_co_ltd | muucmf_t6 | 1.9.5.20260309 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This SQL Injection vulnerability can be detected by sending crafted payloads to the keyword parameter in the /index/controller/Search.php endpoint and observing the server response for anomalies such as delays.
A demonstrated method involves using a time-based SQL injection payload that causes a delay in the server response, indicating the presence of the vulnerability.
For example, you can use curl or similar tools to send a request with a payload that triggers a delay, such as:
- curl -G 'http://target-site/index/controller/Search.php' --data-urlencode "keyword=' OR IF(SLEEP(3),1,0)-- "
If the response time is significantly delayed (e.g., about 3 seconds), it indicates the vulnerability is present.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable endpoint /index/controller/Search.php to trusted users or IP addresses to prevent unauthenticated exploitation.
If possible, apply input validation and sanitization on the keyword parameter to prevent SQL injection.
Consider deploying a Web Application Firewall (WAF) to detect and block malicious SQL injection attempts targeting this endpoint.
Monitor server logs for suspicious requests containing SQL injection payloads.
Since no official patch or fix is mentioned, consider upgrading to a newer version of MuuCMF T6 if and when a fixed release becomes available.
Can you explain this vulnerability to me?
This vulnerability is a critical SQL Injection flaw in MuuCMF T6 version 1.9.4.20260115, specifically in the keyword parameter of the /index/controller/Search.php endpoint.
An unauthenticated attacker can exploit improper input handling in the getListByPage() function, which uses raw SQL queries without proper sanitization, allowing malicious SQL commands to be injected.
Exploitation can lead to compromising the entire database, unauthorized administrative access, and potentially remote code execution by writing malicious files to the server's file system.
How can this vulnerability impact me? :
This vulnerability can have severe impacts including full database compromise and unauthorized administrative access.
Attackers can extract sensitive information from the database and, depending on server configuration, may achieve remote code execution by uploading malicious files, potentially taking full control of the affected server.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The SQL Injection vulnerability in MuuCMF T6 allows unauthenticated attackers to compromise the entire database and potentially execute remote code. This can lead to unauthorized access to sensitive personal data stored in the database.
Such unauthorized access and potential data breaches can result in non-compliance with data protection regulations like GDPR and HIPAA, which require organizations to protect personal and sensitive health information from unauthorized access and breaches.
Therefore, exploitation of this vulnerability could lead to violations of these standards due to the exposure or compromise of protected data.