CVE-2026-9003 HIGH

CVE-2026-9003: TONNET｜E-LAN Hybrid Recording System - SQL Injection

Vendor Tonnet

Product TPR7308

Weakness CWE-89 · SQLi

Published May 20, 2026

Last update May 20, 2026

View on NVD All CVEs

CVSS base score

8.7/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

E-LAN Hybrid Recording System developed by TONNET has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.

Key dates

02Disclosure timeline

May 20, 2026 CVE published

May 20, 2026 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2026-9003 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2025-8236 code-projects Online Ordering System edit_product.php sql injection CVE-2024-9039 SourceCodester Best House Rental Management System ajax.php sql injection CVE-2023-1666 SourceCodester Automatic Question Paper Generator System GET Parameter view_class.php sql injection CVE-2024-12487 code-projects Online Class and Exam Scheduling System room_update.php sql injection CVE-2025-69351 WordPress Ninja Tables plugin <= 5.2.4 - SQL Injection vulnerability