CyberRota
← Ana sayfaya dön

CVE-2026-46622

HIGH · CVSS 8.1 EPSS %0.20 Public Exploit

Kaynak: NVD + CISA KEV + EPSS · Yayınlanma: 2026-06-11T20:16:23.493 · Çekilme zamanı: 2026-06-30T18:19:39.625036+00:00

CyberRota Yorumu

SQL Injection riski içeriyor.

Public Exploit Sinyali

Bu CVE için açıklama veya referanslarda public exploit / PoC / GitHub / Metasploit sinyali tespit edildi.

GitHub PoC Linkleri
github.com github.com github.com

Not: Bu bağlantılar yalnızca güvenlik araştırması ve doğrulama amacıyla listelenmiştir.

CVE
CVE-2026-46622
Severity
HIGH
CVSS
8.1
EPSS
%0.20

Orijinal NVD Açıklaması

SolidInvoice is an open-source invoicing platform. Prior to version 2.3.17, API tokens used to authenticate all REST API requests are stored as plaintext strings in the api_tokens database table. Any attacker who obtains read access to the database — through SQL injection, a leaked backup, a misconfigured replica, or insider access — immediately obtains all API credentials for every user with no further effort. This issue has been patched in version 2.3.17.