PT-2026-2104 · Unknown · Tarkov Data Manager
Sut0L
·
Published
2026-01-07
·
Updated
2026-02-03
·
CVE-2026-21856
CVSS v3.1
7.2
High
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Tarkov Data Manager versions prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8
Description
The Tarkov Data Manager is a tool used to manage Tarkov item data. Prior to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8, a time-based blind SQL injection issue exists in the webhook edit and scanner
API endpoints. An authenticated attacker can exploit this to execute arbitrary SQL queries against the MySQL database. The vulnerable API endpoints are susceptible due to a flaw that allows manipulation of database queries through time-based inference.Recommendations
Update to commit 9bdb3a75a98a7047b6d70144eb1da1655d6992a8 or a later version to resolve this issue.
Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tarkov Data Manager