CVE-2026-2235 HIGH

CVE-2026-2235: HGiga｜C&Cm@il - SQL Injection

Vendor Hgiga

Product C&Cm@il package olln-base

Weakness CWE-89 · SQLi

Published February 9, 2026

Last update February 9, 2026

View on NVD All CVEs

CVSS base score

7.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

C&Cm@il developed by HGiga has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents.

Key dates

02Disclosure timeline

February 9, 2026 CVE published

February 9, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-2235 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2025-54474 Extension - dj-extensions.com - SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla CVE-2025-25221 CVE-2025-9947 Custom 404 Pro <= 3.12.0 - Authenticated (Administrator+) SQL Injection via `path` Parameter CVE-2024-30498 WordPress CRM Perks Forms plugin <= 1.1.4 - Unauthenticated SQL Injection vulnerability CVE-2025-15198 code-projects College Notes Uploading System login.php sql injection