No vendor fix or workaround currently provided.
No advisories yet.
Thu, 11 Jun 2026 21:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | Damasac, Damasac thaipalliative Lte | |
| Vendors & Products | Damasac, Damasac thaipalliative Lte |
Thu, 11 Jun 2026 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Title | Remote SQL Injection in Thai Palliative LTE EZForm Endpoint |
Thu, 11 Jun 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-89 | |
| Metrics | cvssV3_1 |
Thu, 11 Jun 2026 14:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | SQL Injection vulnerability in damasac thaipalliative_lte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php (line 14) and the id parameter (line 49). The parameters are concatenated directly into SQL queries without sanitization or parameterized statements. | |
| References | |
Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2026-06-11T14:40:29.371Z
Reserved: 2026-04-06T00:00:00.000Z
Link: CVE-2026-38581
Updated: 2026-06-11T14:39:58.204Z
Status : Deferred
Published: 2026-06-11T14:16:27.123
Modified: 2026-06-11T16:16:22.620
Link: CVE-2026-38581
OpenCVE Enrichment
Updated: 2026-06-11T20:45:10Z