What the vulnerability does
01Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TE Informatics Nova CMS allows SQL Injection. This issue affects Nova CMS: before 5.0.
CVSS base score
6.9/10
CVSS vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
Key dates
02Disclosure timeline
October 10, 2024
CVE published
June 3, 2026
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2017-20138 Itech Auction Script mcategory.php Blind sql injection
CVE-2026-9526 itsourcecode Electronic Judging System edit_team.php sql injection
CVE-2026-2083 code-projects Social Networking Site delete_post.php sql injection
CVE-2025-4153 PHPGurukul Park Ticketing Management System profile.php sql injection
CVE-2025-46828 Unauthenticated SQL Injection on get_socios.php endpoint
