SQL Injection Vulnerability in Buroweb Platform by Buroweb
CVE-2026-1432

9.3CRITICAL

Key Information:

Vendor

T-systems

Status
Vendor
CVE Published:
3 February 2026

What is CVE-2026-1432?

The Buroweb platform version 2505.0.12 contains a SQL injection vulnerability in the 'tablon' component. This flaw is due to inadequate sanitization of user inputs in the endpoint '/sta/CarpetaPublic/doEvent?APP_CODE=STA&PAGE_CODE=TABLON'. If exploited, this vulnerability could enable an attacker to perform unauthorized database queries, potentially exposing sensitive data and compromising system integrity.

Affected Version(s)

Buroweb 0 < 2505.0.13

References

CVSS V4

Score:
9.3
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Iban Ruiz de Galarreta Cadenas
.