
Kmaleon 1.1.0.205 contains an authenticated SQL injection vulnerability in the 'tipocomb' parameter of kmaleonW.php that allows attackers to manipulate database…

Published:

14 January 2026 at 23:00:00

Alert date:

15 January 2026 at 18:11:37

Source:

nvd.nist.gov


Web Technologies, Database & Storage

CVE-2021-47766 is an authenticated SQL injection vulnerability in Kmaleon 1.1.0.205, specifically in the 'tipocomb' parameter of kmaleonW.php. The vulnerability allows attackers to manipulate database queries through various SQL injection techniques including boolean-based, error-based, and time-based blind attacks. This enables potential extraction or manipulation of database information. The vulnerability requires authentication but poses significant risk to database integrity and confidentiality.
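The following log-review sketch is an added example, not code from the advisory or from Kmaleon. It flags requests to kmaleonW.php whose 'tipocomb' value matches heuristics for the three technique classes named above. Assumptions: the parameter appears in the query string of requests logged in combined log format, the SQL tokens are generic because the backend DBMS is not stated, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Heuristics for the three technique classes the advisory names. Assumption:
# generic SQL tokens, since the page does not state the backend DBMS.
SIGNATURES = {
    "time-based": re.compile(r"\b(sleep|benchmark|pg_sleep)\s*\(|waitfor\s+delay", re.I),
    "error-based": re.compile(r"\b(extractvalue|updatexml)\s*\(", re.I),
    "boolean-based": re.compile(r"\b(and|or)\b\s+\S+\s*(=|<|>|like)\s*\S+", re.I),
}
METACHARS = re.compile(r"['\"`;]|--|/\*")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def classify(value):
    """Return the technique labels whose signature matches a decoded value."""
    hits = [name for name, rx in SIGNATURES.items() if rx.search(value)]
    if not hits and METACHARS.search(value):
        hits.append("sql-metacharacter")
    return hits

def scan(lines):
    """Return findings (line_no, decoded tipocomb value, labels) for kmaleonW.php."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/kmaleonw.php"):
            continue
        # parse_qs percent-decodes, so encoded values are matched in clear text
        for value in parse_qs(url.query, keep_blank_values=True).get("tipocomb", []):
            labels = classify(value)
            if labels:
                findings.append((line_no, value, labels))
    return findings

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - alice [15/Jan/2026:10:00:01 +0000] "GET /kmaleonW.php?tipocomb=2 HTTP/1.1" 200 512',
    '10.0.0.9 - bob [15/Jan/2026:10:02:10 +0000] "GET /kmaleonW.php?tipocomb=2%20OR%201%3D1 HTTP/1.1" 200 9012',
    '10.0.0.9 - bob [15/Jan/2026:10:02:14 +0000] "GET /kmaleonW.php?tipocomb=2%27%20AND%20SLEEP(5)--%20 HTTP/1.1" 200 512',
    '10.0.0.9 - bob [15/Jan/2026:10:02:20 +0000] "GET /kmaleonW.php?tipocomb=2%20AND%20UPDATEXML(1) HTTP/1.1" 500 120',
    '10.0.0.9 - bob [15/Jan/2026:10:02:30 +0000] "GET /index.php?tipocomb=2%20OR%201%3D1 HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Because the flaw is authenticated, the user field of each flagged line identifies the account to review. Parameters sent in POST bodies are not visible in access logs and need application or WAF logging instead.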

Technical details

Mitigation steps:

Affected products:

Kmaleon

Related links:

Related CVEs:

Related threat actors:

IOCs:

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

This website shows information from external sources; Perceptive accepts no responsibility for the accuracy, completeness or timeliness of this information.
