CVE-2026-30655
MEDIUM
NVD
CVSS Score
6.5
Severity
MEDIUM
Published
Mar 24, 2026
Vendor
unknown
Description
SQL injection in Solicitante::resetaSenha() in esiclivre/esiclivre v0.2.2 and earlier allows unauthenticated remote attackers to gain unauthorized access to sensitive information via the cpfcnpj parameter in /reset/index.php