← voltar
CVE-2026-11453

Tiobon Employee Self-Service System Login Endpoint BlogSearch.aspx sql injection

CVSS 5.3 MEDIUMEPSS 0.2%CWE-74CWE-89
A vulnerability was found in Tiobon Employee Self-Service System up to 7.2. Affected by this vulnerability is an unknown functionality of the file /Blog/BlogSearch.aspx of the component Login Endpoint. The manipulation of the argument Keyword results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
Produtos afetados
Tiobon · Employee Self-Service System
PoCs públicas encontradas1
cve_referencedrive.google.com/file/d/1kRvYG4Mi2kDtPv1HpY_86KiMcWGqGMnl/view?usp=drive_linknão verificado
⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://drive.google.com/file/d/1kRvYG4Mi2kDtPv1HpY_86KiMcWGqGMnl/view?usp=drive_linkhttps://vuldb.com/cve/CVE-2026-11453https://vuldb.com/submit/826640https://vuldb.com/vuln/369073https://vuldb.com/vuln/369073/cti