CVE-2026-30995
Description
Slah CMS v1.5.0 and below was discovered to contain a SQL injection vulnerability via the id parameter in the vereador_ver.php endpoint.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SQL injection vulnerability in Slah CMS v1.5.0 and below via the id parameter at vereador_ver.php allows unauthenticated remote data extraction.
Vulnerability Overview
Slah CMS versions 1.5.0 and earlier contain a SQL injection vulnerability in the vereador_ver.php endpoint. The id parameter is not properly sanitized before being used in SQL queries, allowing an attacker to inject arbitrary SQL commands. This is a classic boolean-based or UNION-based injection point in the application's database abstraction layer [1].
Exploitation Details
The vulnerability is exploitable without authentication, making it accessible to any remote attacker who can reach the vulnerable CMS instance. A publicly available proof-of-concept exploit demonstrates automated extraction of database content by manipulating the id parameter. The exploit relies on the application's response differences to infer data through conditional queries [1].
Impact
A successful SQL injection can lead to the unauthorized retrieval of all data stored in the CMS database. This includes sensitive information such as user credentials, personal data, and any other records maintained by the application. The exploit code provided shows direct extraction of table names, column names, and row values from the underlying database [1].
Mitigation
As of the publication date, no patch has been released. Users are advised to upgrade to a patched version once available or apply input validation and parameterized queries as a workaround. Given the severity (CVSS 8.6) and the existence of public exploit code, this CVE should be prioritized for remediation [1].
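While no patch exists, the input-validation rule recommended above can also be run over web-server logs to find requests to vereador_ver.php whose id fails an allow-list. This is an added example, not code from Slah CMS or from the cited reference. It assumes a legitimate id is a short decimal integer sent in the query string and that logs use the Combined Log Format; the log lines are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "vereador_ver.php"  # endpoint named in the CVE description
# Assumption: a legitimate id is a short decimal integer (not stated on the page).
ID_RE = re.compile(r"[0-9]{1,10}")
# Request field of a Combined Log Format line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/May/2026:10:00:01 +0000] "GET /vereador_ver.php?id=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [18/May/2026:10:00:02 +0000] "GET /vereador_ver.php?id=12%27 HTTP/1.1" 200 310',
    '198.51.100.7 - - [18/May/2026:10:00:03 +0000] "GET /vereador_ver.php?id=12%20AND%201%3D1 HTTP/1.1" 200 5120',
    '192.0.2.10 - - [18/May/2026:10:00:04 +0000] "GET /index.php?id=abc HTTP/1.1" 200 900',
    '198.51.100.7 - - [18/May/2026:10:00:05 +0000] "GET /site/vereador_ver.php?id=3&id=4 HTTP/1.1" 200 5120',
]


def id_is_valid(target):
    """True if target is not the endpoint, or carries exactly one integer id."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/" + ENDPOINT):
        return True  # other endpoints are out of scope for this check
    values = parse_qs(parts.query, keep_blank_values=True).get("id", [])
    return len(values) == 1 and ID_RE.fullmatch(values[0]) is not None


def suspicious_requests(log_lines):
    """Return (line_number, target) for endpoint requests whose id fails the allow-list."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if m and not id_is_valid(m.group(1)):
            hits.append((n, m.group(1)))
    return hits


if __name__ == "__main__":
    for n, target in suspicious_requests(SAMPLE_LOG):
        print(f"line {n}: {target}")
```

An id sent in a POST body does not appear in access logs, so this check only covers query-string requests. The same allow-list can be enforced at a reverse proxy in front of the CMS.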
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0. No patches discovered yet.
References: 2
News mentions: 0. No linked articles in our index yet.