SQL Injection Vulnerability in RafyMrX TOKO-ONLINE-ROTI Product
CVE-2026-15489
6.9MEDIUM
What is CVE-2026-15489?
A SQL injection vulnerability has been identified in RafyMrX's TOKO-ONLINE-ROTI, specifically targeting the file proses/login.php. The issue arises from inadequate validation of the Username parameter, allowing an attacker to manipulate input and execute arbitrary SQL queries. This flaw opens the door for remote exploitation, potentially compromising sensitive data. Despite efforts to contact the vendor regarding this issue, there has been no response. The exploit for this vulnerability is publicly available, raising significant security concerns for users of affected versions.
Affected Version(s)
TOKO-ONLINE-ROTI ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99
