Primary

Context

Iomad SQL Injection Vulnerability in Company Admin Block

Vulnerability

A critical SQL injection vulnerability has been identified in Iomad versions up to 5.0, specifically within the Company Admin Block component. This vulnerability allows for remote exploitation and requires company admin permissions to access the affected functionality. The issue has been confirmed on the IOMAD_405_STABLE branch.

Impact

Exploitation of this vulnerability leads to a full database compromise, affecting all tenants.

Remediation

Patches for this vulnerability have been applied to the Iomad 4.5 and 5.0 branches. Users on older, unsupported versions should upgrade to a version that includes the patch.

Added: Feb 5, 2026, 12:20 PM

Updated: Feb 5, 2026, 4:20 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

6.6

remediation

0.0

relevance

2.7

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

6.6

remediation

0.0

relevance

2.7

threat

6.4

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Iomad SQL Injection Vulnerability in Company Admin Block

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating