Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.4
CVE-2026-49489: OpenCATS DataGrid SQL Injection Risk: Sensitive Data Exposure
CVE-2026-49489
Summary
Authenticated users can access sensitive data in OpenCATS databases. This is a concern because it allows attackers to view information they shouldn't. To protect your data, update OpenCATS to a version later than 0.9.7.4.
Original title
OpenCATS through 0.9.7.4 contains a sql injection vulnerability in the sortDirection parameter of the DataGrid component that allows authenticated users to extract database contents. Attackers can ...
Original description
OpenCATS through 0.9.7.4 contains a sql injection vulnerability in the sortDirection parameter of the DataGrid component that allows authenticated users to extract database contents. Attackers can inject malicious SQL via the sortDirection parameter in ajax/getDataGridPager.php to perform time-based blind injection attacks and read sensitive data.
nvd CVSS3.1
8.5
nvd CVSS4.0
8.4
Vulnerability type
CWE-89
SQL Injection
Published: 31 May 2026 · Updated: 31 May 2026 · First seen: 31 May 2026