SQL Injection Vulnerability in RafyMrX TOKO-ONLINE-ROTI Web Application
CVE-2026-15490
6.9MEDIUM
What is CVE-2026-15490?
A security flaw has been identified in the RafyMrX TOKO-ONLINE-ROTI application, specifically in the 'proses/add.php' file. This vulnerability allows an attacker to manipulate the 'kode_produk' or 'kd_cs' arguments, leading to an SQL injection. The attack can be executed remotely, potentially compromising the security of the affected web application. The exploit has been made publicly available, raising serious concerns for users and administrators of the product. Despite attempts to inform the vendor of the issue, no response was received, highlighting a critical need for prompt security measures.
Affected Version(s)
TOKO-ONLINE-ROTI ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99
