{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-36962", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-05-11T17:00:23.642Z", "dateReserved": "2026-04-06T00:00:00.000Z", "datePublished": "2026-05-11T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-05-11T17:00:23.642Z"}, "descriptions": [{"lang": "en", "value": "SQL Injection in MuuCMF T6 v1.9.4.20260115 allows an unauthenticated attacker to compromise the entire database, achieve unauthorized administrative access, and potentially gain remote code execution by writing malicious files to the server's file system via the keyword parameter in the /index/controller/Search.php endpoint."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://gitee.com/dameng100/muucmf"}, {"url": "https://thinhneee.github.io/posts/muucmf-sqli/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}}, "dataVersion": "5.2"}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "SQL Injection in MuuCMF T6 v1.9.4.20260115 allows an unauthenticated attacker to compromise the entire database, achieve unauthorized administrative access, and potentially gain remote code execution by writing malicious files to the server's file system via the keyword parameter in the /index/controller/Search.php endpoint."}], "id": "CVE-2026-36962", "lastModified": "2026-05-11T18:16:32.483", "metrics": {}, "published": "2026-05-11T18:16:32.483", "references": [{"source": "cve@mitre.org", "url": "https://gitee.com/dameng100/muucmf"}, {"source": "cve@mitre.org", "url": "https://thinhneee.github.io/posts/muucmf-sqli/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Received"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.9.4.20260115"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 91.0, "source": "matching"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "muucmf", "vendor": "dameng100"}], "created": "2026-05-11T18:30:05.546243+00:00", "title": "Unauthenticated SQL Injection in MuuCMF T6 Enables Full Database Compromise and Potential Remote Code Execution", "updated": "2026-05-12T09:15:12.012680+00:00", "vendors": ["dameng100", "dameng100$PRODUCT$muucmf"], "weaknesses": ["CWE-89"]}