CVE-2026-36962

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published May 11, 2026

Vendor unknown

Description

SQL Injection in MuuCMF T6 v1.9.4.20260115 allows an unauthenticated attacker to compromise the entire database, achieve unauthorized administrative access, and potentially gain remote code execution by writing malicious files to the server's file system via the keyword parameter in the /index/controller/Search.php endpoint.

References

https://gitee.com/dameng100/muucmf
https://thinhneee.github.io/posts/muucmf-sqli/