damasac/thaipalliative_lte

Releases4

Frequency1 day 1 hour

Last Release about 11 years ago

thaipalliative PHP Framwork Modified by vut

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-38581 ↗	Jun 11, 2026Thursday, 11 June 2026, 14:16	9.8 CRITICAL	—
SQL Injection vulnerability in damasac thaipalliative_lte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php (line 14) and the id parameter (line 49). The parameters are concatenated directly into SQL queries without sanitization or parameterized statements.