What the vulnerability does
01 Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yoren Chang Media Search Enhanced (media-search-enhanced) allows SQL Injection. This issue affects Media Search Enhanced: from n/a through <= 0.9.1.
Explanation of Vulnerability in Simple Terms
02 Summary
Media Search Enhanced versions 0.9.1 and earlier contain a SQL injection vulnerability in database query handling. An authenticated administrator can inject malicious SQL commands through search parameters to read sensitive data from the database. The vulnerability requires high-level privileges to exploit but can expose confidential information and degrade site performance.
What an attacker can do
03 Attacker Capabilities
Read sensitive data from the site's database by injecting SQL commands into search queries.
Potential impact on your site
04 Site Impact
Database contents may be exposed to administrators with malicious intent; site performance may degrade.
Conditions required to exploit
05 Prerequisites
Attacker must have administrator-level access to the site.
Key dates
06 Disclosure timeline
February 19, 2026: CVE published
April 28, 2026: Record updated