EUVD-2026-5293

ID: EUVD-2026-5293

Severity: critical

CVSS v4: 9.3 (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:L/SI:N/SA:L)

CVSS v3: Not provided

CWE: None listed

Source: ENISA

Description

SQL injection vulnerability in the Buroweb platform version 2505.0.12, specifically in the 'tablon' component. This vulnerability is present in several parameters that do not correctly sanitize user input in the endpoint '/sta/CarpetaPublic/doEvent?APP_CODE=STA&PAGE_CODE=TABLON'. Exploiting this vulnerability could allow an attacker to execute queries on the database and gain access to confidential information.

Timestamps

Normalized: 2026-02-03T23:24:33Z UTC
Last updated: 2026-02-03T23:24:33Z UTC

References

No references provided.

VulnAI

EUVD-2026-5293

Description

Timestamps

References