QSearchQSearch

CVE-2025-62319

9.8 CRITICAL

Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL queries by injecting Boolean conditions (T...

Published: 2026-03-16 · Last updated: 2026-06-05

Severity and scoring

CVSS
9.8 CRITICAL
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
CWE-89

Affected products

VendorProduct
hcltechunica, unica_audience_central

Description

Boolean-Based SQL Injection is a type of blind SQL injection where an attacker manipulates SQL queries by injecting Boolean conditions (TRUE or FALSE) into application input fields. Instead of returning database errors or visible data, the application responds differently depending on whether the injected condition evaluates to true or false. This allows an attacker to inject arbitrary SQL into backend configuration queries executed within the application.

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-21837 HCL Digital Experience is affected by an OS command injection vulnerability in the Digital Asset Management API (8.8 HIGH)
  • CVE-2026-21826 HCL Digital Experience and HCL Digital Experience Compose could be susceptible to Host header injection (6.1 MEDIUM)
  • CVE-2026-21825 HCL Digital Experience Compose is affected by a reflected cross-site scripting (XSS) vulnerability in the search center (6.1 MEDIUM)
  • CVE-2025-52612 HCL iControl was affected by Export CSV - CSV Injection vulnerability (7.1 HIGH)
  • CVE-2025-52611 HCL iControl v4.0.0 was affected by Unhandled Exception - Stack Trace Disclosure vulnerability (3.1 LOW)

Same CWE

  • CVE-2026-12175 A vulnerability was detected in CodeAstro Student Attendance Management System 1.0 (4.7 MEDIUM)
  • CVE-2026-6428 SQL Injection in reports/catalogue_out.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before 25.05.11, 2... (7.6 HIGH)
  • CVE-2026-9848 The WP Ticket plugin for WordPress is vulnerable to SQL Injection via the WordPress search query parameter (`s`) in versions up to, and i... (7.5 HIGH)
  • CVE-2026-12131 A weakness has been identified in CodeAstro Human Resource Management System 1.0 (6.3 MEDIUM)
  • CVE-2026-44172 MariaDB server is a community developed fork of MySQL server