CVE-2026-7083 MEDIUM

CVE-2026-7083: likeadmin-likeshop likeadmin_php dataTable Admin API DataTableLists.php queryResult sql injection

Vendor Likeadmin-Likeshop

Product likeadmin_php

Weakness CWE-89 · SQLi

Published April 27, 2026

Last update April 27, 2026

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

Description

A vulnerability has been found in likeadmin-likeshop likeadmin_php up to 1.9.6. Affected by this issue is the function queryResult of the file server\app\adminapi\lists\tools\DataTableLists.php of the component dataTable Admin API. The manipulation leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Key dates

Disclosure timeline

April 27, 2026 CVE published

April 27, 2026 Record updated

Identifiers

CVE CVE-2026-7083

CWE CWE-89

CVSS 5.1 / MEDIUM

Affected versions

Vendor Likeadmin-Likeshop

Product likeadmin_php

Affected 1.9.0

Vendor Likeadmin-Likeshop

Product likeadmin_php

Affected 1.9.1

Vendor Likeadmin-Likeshop

Product likeadmin_php

Affected 1.9.2

Vendor Likeadmin-Likeshop

Product likeadmin_php

Affected 1.9.3

Vendor Likeadmin-Likeshop

Product likeadmin_php

Affected 1.9.4

Vendor Likeadmin-Likeshop

Product likeadmin_php

Affected 1.9.5

Vendor Likeadmin-Likeshop

Product likeadmin_php

Affected 1.9.6