CVE-2026-49489
Published
CVSS v3
8.5
HIGH
CVSS v2
N/A
Affected
1
PROJECT
Description
OpenCATS through 0.9.7.4 contains a sql injection vulnerability in the sortDirection parameter of the DataGrid component that allows authenticated users to extract database contents. Attackers can inject malicious SQL via the sortDirection parameter in ajax/getDataGridPager.php to perform time-based blind injection attacks and read sensitive data.
Open-source applicant tracking system (ATS) and recruitment CRM for staffing agencies and hiring teams.
GitHub