CVE-2026-6562

Name of the Vulnerable Software and Affected Versions dameng100 muucmf version 1.9.5.20260309

Description A remote SQL injection exists in the function getListByPage() within the file '/index/Search/index.html'. This issue occurs when the keyword argument is manipulated, allowing an attacker to execute arbitrary SQL commands.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, restrict access to the getListByPage() function or avoid using the keyword parameter in the '/index/Search/index.html' file to minimize the risk of exploitation.