SQL Injection Vulnerability in RafyMrX TOKO-ONLINE-ROTI Web Application
CVE-2026-15490

6.9MEDIUM

Key Information:

Vendor

Rafymrx

Vendor
CVE Published:
12 July 2026

What is CVE-2026-15490?

A security flaw has been identified in the RafyMrX TOKO-ONLINE-ROTI application, specifically in the 'proses/add.php' file. This vulnerability allows an attacker to manipulate the 'kode_produk' or 'kd_cs' arguments, leading to an SQL injection. The attack can be executed remotely, potentially compromising the security of the affected web application. The exploit has been made publicly available, raising serious concerns for users and administrators of the product. Despite attempts to inform the vendor of the issue, no response was received, highlighting a critical need for prompt security measures.

Affected Version(s)

TOKO-ONLINE-ROTI ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dest1ny_1 (VulDB User)
VulDB CNA Team
.