CVE-2026-49489

HIGH WAF: High

CVSS 8.5 Published: 2026-05-31

CWE-89

OpenCATS through 0.9.7.4 contains a sql injection vulnerability in the sortDirection parameter of the DataGrid component that allows authenticated users to extract database contents. Attackers can inject malicious SQL via the sortDirection parameter in ajax/getDataGridPager.php to perform time-based blind injection attacks and read sensitive data.

WAF Coverage Analysis

SQL Injection High WAF Coverage

OWASP: A03:2021 Injection

942xxx - SQL Injection

References

github.com
packetstorm.news
www.exploit-db.com
www.vulncheck.com

Back to CVE Database