Collectric CMU
- <= 1.0
A boolean-based blind SQL injection vulnerability has been identified in Collectric CMU version 1.0. The issue resides in the lang parameter, which lets unauthenticated attackers manipulate database queries during the authentication process. By injecting SQL code through the lang parameter of a login request, an attacker can potentially extract sensitive information from the database using time-based blind SQL injection techniques.
Exploitation of this vulnerability allows for boolean-based blind SQL injection, with the possibility of extracting sensitive information from the database.
The vulnerability can be reproduced by sending a login request with a crafted payload in the lang parameter. The payload should include SQL injection techniques, such as using 'AND' to create a boolean-based blind SQL injection or 'SLEEP' for time-based blind SQL injection.
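For defenders, the following added example (not part of the original advisory or the vendor's code) flags login requests whose lang value is not a plain language code and labels the finding as boolean-based or time-based from the keywords the advisory mentions. The /login path, the user and pass field names, the record layout and the language-code pattern are assumptions; adjust them to the deployment.

```python
import re
from urllib.parse import parse_qs

LOGIN_PATH = "/login"  # hypothetical; the advisory does not name the endpoint
# Assumption: legitimate lang values look like "en" or "sv-SE".
LANG_OK = re.compile(r"[A-Za-z]{2,3}(?:[-_][A-Za-z]{2})?")
TIME_HINT = re.compile(r"\b(?:sleep|benchmark|waitfor)\b", re.I)
BOOL_HINT = re.compile(r"\b(?:and|or)\b", re.I)

def classify_lang(value):
    """Return 'ok', 'time-based', 'boolean-based' or 'malformed' for one lang value."""
    if LANG_OK.fullmatch(value):
        return "ok"
    if TIME_HINT.search(value):      # checked first: time-based payloads also use AND
        return "time-based"
    if BOOL_HINT.search(value):
        return "boolean-based"
    return "malformed"               # not a language code, no known keyword

def scan_login_requests(records):
    """records: iterable of (source_ip, path, urlencoded_body); returns findings."""
    findings = []
    for ip, path, body in records:
        if not path.startswith(LOGIN_PATH):
            continue
        # parse_qs URL-decodes, so encoded quotes and spaces are seen in clear
        for value in parse_qs(body, keep_blank_values=True).get("lang", []):
            verdict = classify_lang(value)
            if verdict != "ok":
                findings.append((ip, verdict, value))
    return findings

# Constructed sample records (documentation IP range, invented bodies).
SAMPLE = [
    ("192.0.2.10", "/login", "user=alice&pass=x&lang=en"),
    ("192.0.2.44", "/login", "user=a&pass=b&lang=en%27+AND+%271%27%3D%271"),
    ("192.0.2.44", "/login", "user=a&pass=b&lang=en%27+AND+SLEEP%285%29--+"),
    ("192.0.2.77", "/login", "user=bob&pass=y&lang=sv-SE"),
    ("192.0.2.91", "/login", "user=c&pass=d&lang=en%27"),
    ("192.0.2.80", "/status", "lang=zz%27"),
]

if __name__ == "__main__":
    for ip, verdict, value in scan_login_requests(SAMPLE):
        print(f"{ip}\t{verdict}\tlang={value!r}")
```

The same allow-list pattern can be enforced server-side before the value reaches any query, alongside parameterized statements.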