CVE-2026-7486
9.8 CRITICALImproper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Netcad Software Inc
Published: 2026-06-09 · Last updated: 2026-06-09
Severity and scoring
- CVSS
- 9.8 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-89
Description
Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Netcad Software Inc. E-İmar allows SQL Injection. This issue affects E-İmar: from 2.10.1.0 before 3.0.2.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-50636 — The RemoteControl API methods invite_participants and remind_participants pass a caller-supplied token-ID array into TokenDynamic::findUn... (8.8 HIGH)
- CVE-2026-8025 — Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in MOSK Information Technologies Ltd (9.8 CRITICAL)
- CVE-2017-20249 — Apptha Slider Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries ... (8.2 HIGH)
- CVE-2017-20247 — WordPress Plugin PICA Photo Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrar... (8.2 HIGH)
- CVE-2017-20246 — KittyCatfish 2.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to read database cont... (8.2 HIGH)