PT-2026-39652 · Muucmf T6 · Muucmf T6
Dameng100
+1
·
Published
2026-05-11
·
Updated
2026-05-11
·
CVE-2026-36962
CVSS v3.1
7.3
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
MuuCMF T6 version 1.9.4.20260115
Description
An unauthenticated attacker can compromise the entire database, obtain unauthorized administrative access, and potentially achieve remote code execution by writing malicious files to the server's file system. This is possible via the 'keyword' parameter in the "/index/controller/Search.php" endpoint.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Avoid using the
keyword parameter in the "/index/controller/Search.php" endpoint until the issue is resolved.Exploit
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Muucmf T6