SQL Injection Vulnerability in Buroweb Platform by Buroweb
CVE-2026-1432
9.3CRITICAL
What is CVE-2026-1432?
The Buroweb platform version 2505.0.12 contains a SQL injection vulnerability in the 'tablon' component. This flaw is due to inadequate sanitization of user inputs in the endpoint '/sta/CarpetaPublic/doEvent?APP_CODE=STA&PAGE_CODE=TABLON'. If exploited, this vulnerability could enable an attacker to perform unauthorized database queries, potentially exposing sensitive data and compromising system integrity.
Affected Version(s)
Buroweb 0 < 2505.0.13
