CVE-2026-42425
OpenKM 6.3.12 SQL Injection via DatabaseQuery
Publication date: 2026-05-26
Last updated on: 2026-05-26
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openkm | openkm | 6.3.12 |
| openkm | openkm | to 7.1.47 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-42425 is a high-severity SQL injection vulnerability found in OpenKM versions 6.3.12 and below, including Professional Edition up to 7.1.47.
This vulnerability allows authenticated administrative users to execute arbitrary SQL commands against the application database through the DatabaseQuery interface.
Attackers exploit this by submitting malicious SQL queries via the 'qs' parameter to the '/admin/DatabaseQuery' endpoint.
The root cause is improper neutralization of special elements in SQL commands, which is a classic SQL injection issue (CWE-89).
How can this vulnerability impact me? :
This vulnerability can have serious impacts including unauthorized extraction of sensitive data such as usernames and password hashes from the OKM_USER table.
Attackers can also modify user permissions or delete critical database records, potentially disrupting application functionality or escalating privileges.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious SQL queries submitted to the /admin/DatabaseQuery endpoint, specifically those using the qs parameter to execute arbitrary SQL commands.
Proof-of-concept tools and detection templates are available to help identify exploitation attempts of this vulnerability.
Commands to detect this might include inspecting web server logs or using network monitoring tools to filter HTTP requests targeting /admin/DatabaseQuery with qs parameters containing SQL statements.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the /admin/DatabaseQuery endpoint to only trusted administrative users and monitoring for unusual SQL queries.
Since the vulnerability allows authenticated administrative users to execute arbitrary SQL, ensure that administrative credentials are tightly controlled and consider applying any available patches or updates from OpenKM.