CVE-2026-14750

mjperpinosa · stumasy

A SQL injection vulnerability in mjperpinosa stumasy allows unauthenticated attackers to execute malicious database queries via improper input handling.

Executive summary

A critical SQL injection vulnerability in the mjperpinosa stumasy application poses a high risk by allowing unauthenticated attackers to manipulate backend database operations.

Vulnerability

The application contains a SQL injection flaw (CWE-89, CWE-74) where unauthenticated user input is incorrectly handled, allowing for unauthorized interaction with the database.

Business impact

This vulnerability could allow an attacker to read, modify, or delete data within the application's database. With a CVSS score of 7.3, the impact is severe, potentially leading to unauthorized data access and the compromise of system integrity, which can cause significant reputational and operational damage.

Remediation

Immediate Action: Check for available updates or commits that address SQL injection flaws in the codebase and apply them immediately.

Proactive Monitoring: Monitor database logs for anomalies and unexpected query structures that deviate from normal application behavior.

Compensating Controls: Utilize a Web Application Firewall (WAF) to inspect incoming traffic for common SQL injection patterns and block requests that match known malicious signatures.

Exploitation status

Public Exploit Available: false

Analyst recommendation

Immediate remediation is required to prevent potential database compromise. If an official patch is not provided, developers must manually sanitize all database inputs using parameterized queries to effectively mitigate this high-risk vulnerability.