exploitDog

CVE-2026-25544

Опубликовано: 06 фев. 2026

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

Payload is a free and open source headless content management system. Prior to 3.73.0, when querying JSON or richText fields, user input was directly embedded into SQL without escaping, enabling blind SQL injection attacks. An unauthenticated attacker could extract sensitive data (emails, password reset tokens) and achieve full account takeover without password cracking. This vulnerability is fixed in 3.73.0.

Ссылки

https://github.com/payloadcms/payload/security/advisories/GHSA-xx6w-jxg9-2wh8
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:payloadcms:payload:*:*:*:*:*:node.js:*:*

Версия до 3.73.0 (исключая)

EPSS

Процентиль: 11%

0.00037

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-xx6w-jxg9-2wh8

CVSS3: 9.8

github

около 2 месяцев назад

@payloadcms/drizzle has SQL Injection in JSON/RichText Queries on PostgreSQL/SQLite Adapters

EPSS

Процентиль: 11%

0.00037

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-89