OpenCATS through 0.9.7.4 contains a SQL injection vulnerability in the sortDirection parameter of the DataGrid component that allows authenticated users to extr…

Published: 30 May 2026 at 22:00:00

Alert date: 31 May 2026 at 14:01:08

Source: nvd.nist.gov


Web Technologies, Enterprise Applications, Database & Storage

OpenCATS through version 0.9.7.4 contains a SQL injection vulnerability in the sortDirection parameter of the DataGrid component. The vulnerability exists in the ajax/getDataGridPager.php file and allows authenticated users to extract database contents. Attackers can exploit this flaw by injecting malicious SQL code via the sortDirection parameter to perform time-based blind injection attacks. This enables unauthorized access to sensitive data stored in the database. The vulnerability affects all versions of OpenCATS up to and including 0.9.7.4.
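
The direction keyword of an ORDER BY clause cannot be bound as a prepared-statement parameter, so a request value such as sortDirection has to be checked against a fixed allow-list before it reaches the SQL text. The following PHP is an added example, not OpenCATS code or its patch; the SortSpec class, the column map and the sample inputs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not part of OpenCATS): builds an ORDER BY clause from
// request-supplied sort settings using allow-lists only. Requires PHP 8.0+.
final class SortSpec
{
    // Constructed map of client-visible sort keys to real column identifiers.
    // The client never supplies an identifier directly, only a key into this map.
    private const COLUMNS = [
        'lastName'     => 'candidate.last_name',
        'dateModified' => 'candidate.date_modified',
    ];

    private const DIRECTIONS = ['ASC', 'DESC'];

    public static function orderBy(mixed $sortBy, mixed $sortDirection): string
    {
        // PHP delivers arrays for name[]=... style input; accept strings only.
        if (!is_string($sortBy) || !is_string($sortDirection)) {
            throw new InvalidArgumentException('sort parameters must be strings');
        }
        if (!array_key_exists($sortBy, self::COLUMNS)) {
            throw new InvalidArgumentException('unknown sort column');
        }
        $direction = strtoupper(trim($sortDirection));
        // Strict comparison: only the two literal keywords can reach the SQL text.
        if (!in_array($direction, self::DIRECTIONS, true)) {
            throw new InvalidArgumentException('sortDirection must be ASC or DESC');
        }
        return sprintf('ORDER BY %s %s', self::COLUMNS[$sortBy], $direction);
    }
}

// Constructed inputs: a valid direction, then a value that is not a bare keyword.
foreach ([['lastName', 'desc'], ['lastName', 'DESC, 1']] as [$col, $dir]) {
    try {
        echo SortSpec::orderBy($col, $dir), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        // Log and reject rather than falling back to the raw value.
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

Rejections from a check like this are worth logging with the authenticated user and request path, since a legitimate client only ever sends the two keywords.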

Technical details

Mitigation steps:

Affected products:

OpenCATS

Related links:

Related CVEs:

Related threat actors:

IOCs:

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: This website displays information originating from external sources. Perceptive accepts no responsibility for the content, accuracy or completeness of this information.
