SQL Injection Vulnerability in RafyMrX TOKO-ONLINE-ROTI Product
CVE-2026-15489

6.9MEDIUM

Key Information:

Vendor

Rafymrx

Vendor
CVE Published:
12 July 2026

What is CVE-2026-15489?

A SQL injection vulnerability has been identified in RafyMrX's TOKO-ONLINE-ROTI, specifically targeting the file proses/login.php. The issue arises from inadequate validation of the Username parameter, allowing an attacker to manipulate input and execute arbitrary SQL queries. This flaw opens the door for remote exploitation, potentially compromising sensitive data. Despite efforts to contact the vendor regarding this issue, there has been no response. The exploit for this vulnerability is publicly available, raising significant security concerns for users of affected versions.

Affected Version(s)

TOKO-ONLINE-ROTI ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Lzy200657 (VulDB User)
VulDB CNA Team
.