Search
Find a vulnerability
Search criteria
14 vulnerabilities by mjperpinosa
CVE-2026-14753 (GCVE-0-2026-14753)
Vulnerability from nvd – Published: 2026-07-05 13:45 – Updated: 2026-07-06 13:26
VLAI
EPSS
VEX
Title
mjperpinosa stumasy Note Handler/Assignment notes authorization
Summary
A vulnerability was detected in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. This impacts an unknown function of the file /PHP/objects/notes of the component Note Handler/Assignment Handler. Performing a manipulation of the argument assignment_item_id results in authorization bypass. The attack can be initiated remotely. The exploit is now public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/376342 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/376342/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-14753 | third-party-advisory |
| https://vuldb.com/submit/849496 | third-party-advisory |
| https://github.com/mjperpinosa/stumasy/issues/9 | exploitissue-tracking |
| https://github.com/mjperpinosa/stumasy/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| mjperpinosa | stumasy |
Affected:
327d1b0f2915ba79d7ef8ebb74553e987609d9be
cpe:2.3:a:mjperpinosa:stumasy:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-14753",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T13:26:36.439129Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T13:26:44.191Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:mjperpinosa:stumasy:*:*:*:*:*:*:*:*"
],
"modules": [
"Note Handler/Assignment Handler"
],
"product": "stumasy",
"vendor": "mjperpinosa",
"versions": [
{
"status": "affected",
"version": "327d1b0f2915ba79d7ef8ebb74553e987609d9be"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "gscsd (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. This impacts an unknown function of the file /PHP/objects/notes of the component Note Handler/Assignment Handler. Performing a manipulation of the argument assignment_item_id results in authorization bypass. The attack can be initiated remotely. The exploit is now public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-05T13:45:08.177Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-376342 | mjperpinosa stumasy Note Handler/Assignment notes authorization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/376342"
},
{
"name": "VDB-376342 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/376342/cti"
},
{
"name": "CVE-2026-14753 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-14753"
},
{
"name": "Submit #849496 | mjperpinosa stumasy 327d1b0f2915ba79d7ef8ebb74553e987609d9be Authorization Bypass Through User-Controlled SQL Primary Key",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/849496"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/mjperpinosa/stumasy/issues/9"
},
{
"tags": [
"product"
],
"url": "https://github.com/mjperpinosa/stumasy/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-04T17:55:40.000Z",
"value": "VulDB entry last update"
}
],
"title": "mjperpinosa stumasy Note Handler/Assignment notes authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-14753",
"datePublished": "2026-07-05T13:45:08.177Z",
"dateReserved": "2026-07-04T15:50:27.016Z",
"dateUpdated": "2026-07-06T13:26:44.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-14752 (GCVE-0-2026-14752)
Vulnerability from nvd – Published: 2026-07-05 13:30 – Updated: 2026-07-06 13:08
VLAI
EPSS
VEX
Title
mjperpinosa stumasy add_into_dictionary.php add_definition cross site scripting
Summary
A security vulnerability has been detected in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. This affects the function add_definition of the file application/PHP/objects/notes/add_into_dictionary.php. Such manipulation of the argument reference leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/376341 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/376341/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-14752 | third-party-advisory |
| https://vuldb.com/submit/849495 | third-party-advisory |
| https://github.com/mjperpinosa/stumasy/issues/8 | exploitissue-tracking |
| https://github.com/mjperpinosa/stumasy/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| mjperpinosa | stumasy |
Affected:
327d1b0f2915ba79d7ef8ebb74553e987609d9be
cpe:2.3:a:mjperpinosa:stumasy:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-14752",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T13:08:40.411505Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T13:08:48.416Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:mjperpinosa:stumasy:*:*:*:*:*:*:*:*"
],
"product": "stumasy",
"vendor": "mjperpinosa",
"versions": [
{
"status": "affected",
"version": "327d1b0f2915ba79d7ef8ebb74553e987609d9be"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "cnluminous (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. This affects the function add_definition of the file application/PHP/objects/notes/add_into_dictionary.php. Such manipulation of the argument reference leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-05T13:30:08.679Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-376341 | mjperpinosa stumasy add_into_dictionary.php add_definition cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/376341"
},
{
"name": "VDB-376341 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/376341/cti"
},
{
"name": "CVE-2026-14752 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-14752"
},
{
"name": "Submit #849495 | mjperpinosa stumasy 327d1b0f2915ba79d7ef8ebb74553e987609d9be Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/849495"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/mjperpinosa/stumasy/issues/8"
},
{
"tags": [
"product"
],
"url": "https://github.com/mjperpinosa/stumasy/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-04T17:55:37.000Z",
"value": "VulDB entry last update"
}
],
"title": "mjperpinosa stumasy add_into_dictionary.php add_definition cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-14752",
"datePublished": "2026-07-05T13:30:08.679Z",
"dateReserved": "2026-07-04T15:50:24.498Z",
"dateUpdated": "2026-07-06T13:08:48.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-14751 (GCVE-0-2026-14751)
Vulnerability from nvd – Published: 2026-07-05 13:15 – Updated: 2026-07-06 16:50
VLAI
EPSS
VEX
Title
mjperpinosa stumasy search_scratch_data.php search_scratch_data sql injection
Summary
A weakness has been identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. The impacted element is the function Notes_controller::search_scratch_data of the file application/PHP/objects/notes/search_scratch_data.php. This manipulation of the argument field_name causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/376340 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/376340/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-14751 | third-party-advisory |
| https://vuldb.com/submit/849494 | third-party-advisory |
| https://github.com/mjperpinosa/stumasy/issues/7 | exploitissue-tracking |
| https://github.com/mjperpinosa/stumasy/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| mjperpinosa | stumasy |
Affected:
327d1b0f2915ba79d7ef8ebb74553e987609d9be
cpe:2.3:a:mjperpinosa:stumasy:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-14751",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T16:36:04.476759Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T16:50:05.587Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:mjperpinosa:stumasy:*:*:*:*:*:*:*:*"
],
"product": "stumasy",
"vendor": "mjperpinosa",
"versions": [
{
"status": "affected",
"version": "327d1b0f2915ba79d7ef8ebb74553e987609d9be"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "cnluminous (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. The impacted element is the function Notes_controller::search_scratch_data of the file application/PHP/objects/notes/search_scratch_data.php. This manipulation of the argument field_name causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-05T13:15:08.543Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-376340 | mjperpinosa stumasy search_scratch_data.php search_scratch_data sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/376340"
},
{
"name": "VDB-376340 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/376340/cti"
},
{
"name": "CVE-2026-14751 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-14751"
},
{
"name": "Submit #849494 | mjperpinosa stumasy 327d1b0f2915ba79d7ef8ebb74553e987609d9be SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/849494"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/mjperpinosa/stumasy/issues/7"
},
{
"tags": [
"product"
],
"url": "https://github.com/mjperpinosa/stumasy/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-04T17:55:35.000Z",
"value": "VulDB entry last update"
}
],
"title": "mjperpinosa stumasy search_scratch_data.php search_scratch_data sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-14751",
"datePublished": "2026-07-05T13:15:08.543Z",
"dateReserved": "2026-07-04T15:50:22.120Z",
"dateUpdated": "2026-07-06T16:50:05.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-14750 (GCVE-0-2026-14750)
Vulnerability from nvd – Published: 2026-07-05 13:00 – Updated: 2026-07-07 02:50
VLAI
EPSS
VEX
Title
mjperpinosa stumasy accessing_dictionary_authorization.php accessing_dictionary_authorization sql injection
Summary
A security flaw has been discovered in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. The affected element is the function Notes_controller::accessing_dictionary_authorization of the file application/PHP/objects/notes/accessing_dictionary_authorization.php. The manipulation of the argument Password results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/376339 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/376339/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-14750 | third-party-advisory |
| https://vuldb.com/submit/849483 | third-party-advisory |
| https://github.com/mjperpinosa/stumasy/issues/6 | exploitissue-tracking |
| https://github.com/mjperpinosa/stumasy/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| mjperpinosa | stumasy |
Affected:
327d1b0f2915ba79d7ef8ebb74553e987609d9be
cpe:2.3:a:mjperpinosa:stumasy:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-14750",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-07T02:50:03.909165Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-07T02:50:24.885Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:mjperpinosa:stumasy:*:*:*:*:*:*:*:*"
],
"product": "stumasy",
"vendor": "mjperpinosa",
"versions": [
{
"status": "affected",
"version": "327d1b0f2915ba79d7ef8ebb74553e987609d9be"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "gscsd (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. The affected element is the function Notes_controller::accessing_dictionary_authorization of the file application/PHP/objects/notes/accessing_dictionary_authorization.php. The manipulation of the argument Password results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-05T13:00:10.692Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-376339 | mjperpinosa stumasy accessing_dictionary_authorization.php accessing_dictionary_authorization sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/376339"
},
{
"name": "VDB-376339 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/376339/cti"
},
{
"name": "CVE-2026-14750 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-14750"
},
{
"name": "Submit #849483 | mjperpinosa stumasy 327d1b0f2915ba79d7ef8ebb74553e987609d9be SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/849483"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/mjperpinosa/stumasy/issues/6"
},
{
"tags": [
"product"
],
"url": "https://github.com/mjperpinosa/stumasy/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-04T17:55:32.000Z",
"value": "VulDB entry last update"
}
],
"title": "mjperpinosa stumasy accessing_dictionary_authorization.php accessing_dictionary_authorization sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-14750",
"datePublished": "2026-07-05T13:00:10.692Z",
"dateReserved": "2026-07-04T15:50:19.755Z",
"dateUpdated": "2026-07-07T02:50:24.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-14749 (GCVE-0-2026-14749)
Vulnerability from nvd – Published: 2026-07-05 12:45 – Updated: 2026-07-06 18:44
VLAI
EPSS
VEX
Title
mjperpinosa stumasy calculate.php eval code injection
Summary
A vulnerability was identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. Impacted is the function eval of the file application/pages/imba_calculator/calculate.php. The manipulation of the argument mathematical_sentence leads to code injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/376338 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/376338/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-14749 | third-party-advisory |
| https://vuldb.com/submit/849414 | third-party-advisory |
| https://github.com/mjperpinosa/stumasy/issues/5 | exploitissue-tracking |
| https://github.com/mjperpinosa/stumasy/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| mjperpinosa | stumasy |
Affected:
327d1b0f2915ba79d7ef8ebb74553e987609d9be
cpe:2.3:a:mjperpinosa:stumasy:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-14749",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T18:43:51.552820Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T18:44:00.629Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:mjperpinosa:stumasy:*:*:*:*:*:*:*:*"
],
"product": "stumasy",
"vendor": "mjperpinosa",
"versions": [
{
"status": "affected",
"version": "327d1b0f2915ba79d7ef8ebb74553e987609d9be"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "gscsd (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. Impacted is the function eval of the file application/pages/imba_calculator/calculate.php. The manipulation of the argument mathematical_sentence leads to code injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-05T12:45:07.950Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-376338 | mjperpinosa stumasy calculate.php eval code injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/376338"
},
{
"name": "VDB-376338 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/376338/cti"
},
{
"name": "CVE-2026-14749 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-14749"
},
{
"name": "Submit #849414 | mjperpinosa stumasy 327d1b0f2915ba79d7ef8ebb74553e987609d9be Code Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/849414"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/mjperpinosa/stumasy/issues/5"
},
{
"tags": [
"product"
],
"url": "https://github.com/mjperpinosa/stumasy/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-04T17:46:19.000Z",
"value": "VulDB entry last update"
}
],
"title": "mjperpinosa stumasy calculate.php eval code injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-14749",
"datePublished": "2026-07-05T12:45:07.950Z",
"dateReserved": "2026-07-04T15:41:16.167Z",
"dateUpdated": "2026-07-06T18:44:00.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10807 (GCVE-0-2026-10807)
Vulnerability from nvd – Published: 2026-06-04 12:30 – Updated: 2026-06-04 13:48
VLAI
EPSS
VEX
Title
mjperpinosa stumasy change_profile_image.php unrestricted upload
Summary
A vulnerability was determined in mjperpinosa stumasy. The impacted element is an unknown function of the file application/PHP/objects/profiles/change_profile_image.php. Executing a manipulation of the argument pr_profile_image can lead to unrestricted upload. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/368255 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/368255/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-10807 | third-party-advisory |
| https://vuldb.com/submit/831551 | third-party-advisory |
| https://github.com/mjperpinosa/stumasy/issues/3 | exploitissue-tracking |
| https://github.com/mjperpinosa/stumasy/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| mjperpinosa | stumasy |
Affected:
25d695901fbb586bf184b8ba73456d8e5311656c
Affected: 79c86fce86a09adc6edcbd6d56115fbff14ed538 Affected: 327d1b0f2915ba79d7ef8ebb74553e987609d9be cpe:2.3:a:mjperpinosa:stumasy:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10807",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-04T13:48:14.951725Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T13:48:22.393Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:mjperpinosa:stumasy:*:*:*:*:*:*:*:*"
],
"product": "stumasy",
"vendor": "mjperpinosa",
"versions": [
{
"status": "affected",
"version": "25d695901fbb586bf184b8ba73456d8e5311656c"
},
{
"status": "affected",
"version": "79c86fce86a09adc6edcbd6d56115fbff14ed538"
},
{
"status": "affected",
"version": "327d1b0f2915ba79d7ef8ebb74553e987609d9be"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "j1nk1ng (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in mjperpinosa stumasy. The impacted element is an unknown function of the file application/PHP/objects/profiles/change_profile_image.php. Executing a manipulation of the argument pr_profile_image can lead to unrestricted upload. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T12:30:12.057Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-368255 | mjperpinosa stumasy change_profile_image.php unrestricted upload",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/368255"
},
{
"name": "VDB-368255 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/368255/cti"
},
{
"name": "CVE-2026-10807 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-10807"
},
{
"name": "Submit #831551 | mjperpinosa stumasy 1.0 RCE vulnerability",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/831551"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/mjperpinosa/stumasy/issues/3"
},
{
"tags": [
"product"
],
"url": "https://github.com/mjperpinosa/stumasy/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-04T07:19:55.000Z",
"value": "VulDB entry last update"
}
],
"title": "mjperpinosa stumasy change_profile_image.php unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-10807",
"datePublished": "2026-06-04T12:30:12.057Z",
"dateReserved": "2026-06-04T05:14:46.616Z",
"dateUpdated": "2026-06-04T13:48:22.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10806 (GCVE-0-2026-10806)
Vulnerability from nvd – Published: 2026-06-04 12:15 – Updated: 2026-06-04 15:06
VLAI
EPSS
VEX
Title
mjperpinosa stumasy add_post.php unrestricted upload
Summary
A vulnerability was found in mjperpinosa stumasy. The affected element is an unknown function of the file application/PHP/objects/updates/add_post.php. Performing a manipulation of the argument up_file_to_post results in unrestricted upload. The attack may be initiated remotely. The exploit has been made public and could be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/368254 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/368254/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-10806 | third-party-advisory |
| https://vuldb.com/submit/831510 | third-party-advisory |
| https://github.com/mjperpinosa/stumasy/issues/1 | exploitissue-tracking |
| https://github.com/mjperpinosa/stumasy/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| mjperpinosa | stumasy |
Affected:
25d695901fbb586bf184b8ba73456d8e5311656c
Affected: 79c86fce86a09adc6edcbd6d56115fbff14ed538 Affected: 327d1b0f2915ba79d7ef8ebb74553e987609d9be cpe:2.3:a:mjperpinosa:stumasy:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10806",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-04T15:03:00.695671Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T15:06:43.546Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:mjperpinosa:stumasy:*:*:*:*:*:*:*:*"
],
"product": "stumasy",
"vendor": "mjperpinosa",
"versions": [
{
"status": "affected",
"version": "25d695901fbb586bf184b8ba73456d8e5311656c"
},
{
"status": "affected",
"version": "79c86fce86a09adc6edcbd6d56115fbff14ed538"
},
{
"status": "affected",
"version": "327d1b0f2915ba79d7ef8ebb74553e987609d9be"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "cnluminous (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in mjperpinosa stumasy. The affected element is an unknown function of the file application/PHP/objects/updates/add_post.php. Performing a manipulation of the argument up_file_to_post results in unrestricted upload. The attack may be initiated remotely. The exploit has been made public and could be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T12:15:10.177Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-368254 | mjperpinosa stumasy add_post.php unrestricted upload",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/368254"
},
{
"name": "VDB-368254 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/368254/cti"
},
{
"name": "CVE-2026-10806 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-10806"
},
{
"name": "Submit #831510 | mjperpinosa stumasy 1.0 RCE vulnerability",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/831510"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/mjperpinosa/stumasy/issues/1"
},
{
"tags": [
"product"
],
"url": "https://github.com/mjperpinosa/stumasy/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-04T07:19:48.000Z",
"value": "VulDB entry last update"
}
],
"title": "mjperpinosa stumasy add_post.php unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-10806",
"datePublished": "2026-06-04T12:15:10.177Z",
"dateReserved": "2026-06-04T05:14:43.960Z",
"dateUpdated": "2026-06-04T15:06:43.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-14753 (GCVE-0-2026-14753)
Vulnerability from cvelistv5 – Published: 2026-07-05 13:45 – Updated: 2026-07-06 13:26
VLAI
EPSS
VEX
Title
mjperpinosa stumasy Note Handler/Assignment notes authorization
Summary
A vulnerability was detected in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. This impacts an unknown function of the file /PHP/objects/notes of the component Note Handler/Assignment Handler. Performing a manipulation of the argument assignment_item_id results in authorization bypass. The attack can be initiated remotely. The exploit is now public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/376342 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/376342/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-14753 | third-party-advisory |
| https://vuldb.com/submit/849496 | third-party-advisory |
| https://github.com/mjperpinosa/stumasy/issues/9 | exploitissue-tracking |
| https://github.com/mjperpinosa/stumasy/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| mjperpinosa | stumasy |
Affected:
327d1b0f2915ba79d7ef8ebb74553e987609d9be
cpe:2.3:a:mjperpinosa:stumasy:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-14753",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T13:26:36.439129Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T13:26:44.191Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:mjperpinosa:stumasy:*:*:*:*:*:*:*:*"
],
"modules": [
"Note Handler/Assignment Handler"
],
"product": "stumasy",
"vendor": "mjperpinosa",
"versions": [
{
"status": "affected",
"version": "327d1b0f2915ba79d7ef8ebb74553e987609d9be"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "gscsd (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. This impacts an unknown function of the file /PHP/objects/notes of the component Note Handler/Assignment Handler. Performing a manipulation of the argument assignment_item_id results in authorization bypass. The attack can be initiated remotely. The exploit is now public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-639",
"description": "Authorization Bypass",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-285",
"description": "Improper Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-05T13:45:08.177Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-376342 | mjperpinosa stumasy Note Handler/Assignment notes authorization",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/376342"
},
{
"name": "VDB-376342 | CTI Indicators (IOB, IOC, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/376342/cti"
},
{
"name": "CVE-2026-14753 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-14753"
},
{
"name": "Submit #849496 | mjperpinosa stumasy 327d1b0f2915ba79d7ef8ebb74553e987609d9be Authorization Bypass Through User-Controlled SQL Primary Key",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/849496"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/mjperpinosa/stumasy/issues/9"
},
{
"tags": [
"product"
],
"url": "https://github.com/mjperpinosa/stumasy/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-04T17:55:40.000Z",
"value": "VulDB entry last update"
}
],
"title": "mjperpinosa stumasy Note Handler/Assignment notes authorization"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-14753",
"datePublished": "2026-07-05T13:45:08.177Z",
"dateReserved": "2026-07-04T15:50:27.016Z",
"dateUpdated": "2026-07-06T13:26:44.191Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-14752 (GCVE-0-2026-14752)
Vulnerability from cvelistv5 – Published: 2026-07-05 13:30 – Updated: 2026-07-06 13:08
VLAI
EPSS
VEX
Title
mjperpinosa stumasy add_into_dictionary.php add_definition cross site scripting
Summary
A security vulnerability has been detected in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. This affects the function add_definition of the file application/PHP/objects/notes/add_into_dictionary.php. Such manipulation of the argument reference leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/376341 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/376341/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-14752 | third-party-advisory |
| https://vuldb.com/submit/849495 | third-party-advisory |
| https://github.com/mjperpinosa/stumasy/issues/8 | exploitissue-tracking |
| https://github.com/mjperpinosa/stumasy/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| mjperpinosa | stumasy |
Affected:
327d1b0f2915ba79d7ef8ebb74553e987609d9be
cpe:2.3:a:mjperpinosa:stumasy:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-14752",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T13:08:40.411505Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T13:08:48.416Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:mjperpinosa:stumasy:*:*:*:*:*:*:*:*"
],
"product": "stumasy",
"vendor": "mjperpinosa",
"versions": [
{
"status": "affected",
"version": "327d1b0f2915ba79d7ef8ebb74553e987609d9be"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "cnluminous (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. This affects the function add_definition of the file application/PHP/objects/notes/add_into_dictionary.php. Such manipulation of the argument reference leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-05T13:30:08.679Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-376341 | mjperpinosa stumasy add_into_dictionary.php add_definition cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/376341"
},
{
"name": "VDB-376341 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/376341/cti"
},
{
"name": "CVE-2026-14752 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-14752"
},
{
"name": "Submit #849495 | mjperpinosa stumasy 327d1b0f2915ba79d7ef8ebb74553e987609d9be Cross Site Scripting",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/849495"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/mjperpinosa/stumasy/issues/8"
},
{
"tags": [
"product"
],
"url": "https://github.com/mjperpinosa/stumasy/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-04T17:55:37.000Z",
"value": "VulDB entry last update"
}
],
"title": "mjperpinosa stumasy add_into_dictionary.php add_definition cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-14752",
"datePublished": "2026-07-05T13:30:08.679Z",
"dateReserved": "2026-07-04T15:50:24.498Z",
"dateUpdated": "2026-07-06T13:08:48.416Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-14751 (GCVE-0-2026-14751)
Vulnerability from cvelistv5 – Published: 2026-07-05 13:15 – Updated: 2026-07-06 16:50
VLAI
EPSS
VEX
Title
mjperpinosa stumasy search_scratch_data.php search_scratch_data sql injection
Summary
A weakness has been identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. The impacted element is the function Notes_controller::search_scratch_data of the file application/PHP/objects/notes/search_scratch_data.php. This manipulation of the argument field_name causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/376340 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/376340/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-14751 | third-party-advisory |
| https://vuldb.com/submit/849494 | third-party-advisory |
| https://github.com/mjperpinosa/stumasy/issues/7 | exploitissue-tracking |
| https://github.com/mjperpinosa/stumasy/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| mjperpinosa | stumasy |
Affected:
327d1b0f2915ba79d7ef8ebb74553e987609d9be
cpe:2.3:a:mjperpinosa:stumasy:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-14751",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T16:36:04.476759Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T16:50:05.587Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:mjperpinosa:stumasy:*:*:*:*:*:*:*:*"
],
"product": "stumasy",
"vendor": "mjperpinosa",
"versions": [
{
"status": "affected",
"version": "327d1b0f2915ba79d7ef8ebb74553e987609d9be"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "cnluminous (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A weakness has been identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. The impacted element is the function Notes_controller::search_scratch_data of the file application/PHP/objects/notes/search_scratch_data.php. This manipulation of the argument field_name causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-05T13:15:08.543Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-376340 | mjperpinosa stumasy search_scratch_data.php search_scratch_data sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/376340"
},
{
"name": "VDB-376340 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/376340/cti"
},
{
"name": "CVE-2026-14751 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-14751"
},
{
"name": "Submit #849494 | mjperpinosa stumasy 327d1b0f2915ba79d7ef8ebb74553e987609d9be SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/849494"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/mjperpinosa/stumasy/issues/7"
},
{
"tags": [
"product"
],
"url": "https://github.com/mjperpinosa/stumasy/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-04T17:55:35.000Z",
"value": "VulDB entry last update"
}
],
"title": "mjperpinosa stumasy search_scratch_data.php search_scratch_data sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-14751",
"datePublished": "2026-07-05T13:15:08.543Z",
"dateReserved": "2026-07-04T15:50:22.120Z",
"dateUpdated": "2026-07-06T16:50:05.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-14750 (GCVE-0-2026-14750)
Vulnerability from cvelistv5 – Published: 2026-07-05 13:00 – Updated: 2026-07-07 02:50
VLAI
EPSS
VEX
Title
mjperpinosa stumasy accessing_dictionary_authorization.php accessing_dictionary_authorization sql injection
Summary
A security flaw has been discovered in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. The affected element is the function Notes_controller::accessing_dictionary_authorization of the file application/PHP/objects/notes/accessing_dictionary_authorization.php. The manipulation of the argument Password results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/376339 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/376339/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-14750 | third-party-advisory |
| https://vuldb.com/submit/849483 | third-party-advisory |
| https://github.com/mjperpinosa/stumasy/issues/6 | exploitissue-tracking |
| https://github.com/mjperpinosa/stumasy/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| mjperpinosa | stumasy |
Affected:
327d1b0f2915ba79d7ef8ebb74553e987609d9be
cpe:2.3:a:mjperpinosa:stumasy:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-14750",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-07T02:50:03.909165Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-07T02:50:24.885Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:mjperpinosa:stumasy:*:*:*:*:*:*:*:*"
],
"product": "stumasy",
"vendor": "mjperpinosa",
"versions": [
{
"status": "affected",
"version": "327d1b0f2915ba79d7ef8ebb74553e987609d9be"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "gscsd (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security flaw has been discovered in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. The affected element is the function Notes_controller::accessing_dictionary_authorization of the file application/PHP/objects/notes/accessing_dictionary_authorization.php. The manipulation of the argument Password results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-05T13:00:10.692Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-376339 | mjperpinosa stumasy accessing_dictionary_authorization.php accessing_dictionary_authorization sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/376339"
},
{
"name": "VDB-376339 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/376339/cti"
},
{
"name": "CVE-2026-14750 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-14750"
},
{
"name": "Submit #849483 | mjperpinosa stumasy 327d1b0f2915ba79d7ef8ebb74553e987609d9be SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/849483"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/mjperpinosa/stumasy/issues/6"
},
{
"tags": [
"product"
],
"url": "https://github.com/mjperpinosa/stumasy/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-04T17:55:32.000Z",
"value": "VulDB entry last update"
}
],
"title": "mjperpinosa stumasy accessing_dictionary_authorization.php accessing_dictionary_authorization sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-14750",
"datePublished": "2026-07-05T13:00:10.692Z",
"dateReserved": "2026-07-04T15:50:19.755Z",
"dateUpdated": "2026-07-07T02:50:24.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-14749 (GCVE-0-2026-14749)
Vulnerability from cvelistv5 – Published: 2026-07-05 12:45 – Updated: 2026-07-06 18:44
VLAI
EPSS
VEX
Title
mjperpinosa stumasy calculate.php eval code injection
Summary
A vulnerability was identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. Impacted is the function eval of the file application/pages/imba_calculator/calculate.php. The manipulation of the argument mathematical_sentence leads to code injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet.
Severity
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/376338 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/376338/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-14749 | third-party-advisory |
| https://vuldb.com/submit/849414 | third-party-advisory |
| https://github.com/mjperpinosa/stumasy/issues/5 | exploitissue-tracking |
| https://github.com/mjperpinosa/stumasy/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| mjperpinosa | stumasy |
Affected:
327d1b0f2915ba79d7ef8ebb74553e987609d9be
cpe:2.3:a:mjperpinosa:stumasy:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-14749",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-06T18:43:51.552820Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-06T18:44:00.629Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:mjperpinosa:stumasy:*:*:*:*:*:*:*:*"
],
"product": "stumasy",
"vendor": "mjperpinosa",
"versions": [
{
"status": "affected",
"version": "327d1b0f2915ba79d7ef8ebb74553e987609d9be"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "gscsd (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. Impacted is the function eval of the file application/pages/imba_calculator/calculate.php. The manipulation of the argument mathematical_sentence leads to code injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. This product adopts a rolling release strategy to maintain continuous delivery. Therefore, version details for affected or updated releases cannot be specified. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-05T12:45:07.950Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-376338 | mjperpinosa stumasy calculate.php eval code injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/376338"
},
{
"name": "VDB-376338 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/376338/cti"
},
{
"name": "CVE-2026-14749 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-14749"
},
{
"name": "Submit #849414 | mjperpinosa stumasy 327d1b0f2915ba79d7ef8ebb74553e987609d9be Code Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/849414"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/mjperpinosa/stumasy/issues/5"
},
{
"tags": [
"product"
],
"url": "https://github.com/mjperpinosa/stumasy/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-07-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-07-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-07-04T17:46:19.000Z",
"value": "VulDB entry last update"
}
],
"title": "mjperpinosa stumasy calculate.php eval code injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-14749",
"datePublished": "2026-07-05T12:45:07.950Z",
"dateReserved": "2026-07-04T15:41:16.167Z",
"dateUpdated": "2026-07-06T18:44:00.629Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10807 (GCVE-0-2026-10807)
Vulnerability from cvelistv5 – Published: 2026-06-04 12:30 – Updated: 2026-06-04 13:48
VLAI
EPSS
VEX
Title
mjperpinosa stumasy change_profile_image.php unrestricted upload
Summary
A vulnerability was determined in mjperpinosa stumasy. The impacted element is an unknown function of the file application/PHP/objects/profiles/change_profile_image.php. Executing a manipulation of the argument pr_profile_image can lead to unrestricted upload. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/368255 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/368255/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-10807 | third-party-advisory |
| https://vuldb.com/submit/831551 | third-party-advisory |
| https://github.com/mjperpinosa/stumasy/issues/3 | exploitissue-tracking |
| https://github.com/mjperpinosa/stumasy/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| mjperpinosa | stumasy |
Affected:
25d695901fbb586bf184b8ba73456d8e5311656c
Affected: 79c86fce86a09adc6edcbd6d56115fbff14ed538 Affected: 327d1b0f2915ba79d7ef8ebb74553e987609d9be cpe:2.3:a:mjperpinosa:stumasy:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10807",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-04T13:48:14.951725Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T13:48:22.393Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:mjperpinosa:stumasy:*:*:*:*:*:*:*:*"
],
"product": "stumasy",
"vendor": "mjperpinosa",
"versions": [
{
"status": "affected",
"version": "25d695901fbb586bf184b8ba73456d8e5311656c"
},
{
"status": "affected",
"version": "79c86fce86a09adc6edcbd6d56115fbff14ed538"
},
{
"status": "affected",
"version": "327d1b0f2915ba79d7ef8ebb74553e987609d9be"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "j1nk1ng (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was determined in mjperpinosa stumasy. The impacted element is an unknown function of the file application/PHP/objects/profiles/change_profile_image.php. Executing a manipulation of the argument pr_profile_image can lead to unrestricted upload. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T12:30:12.057Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-368255 | mjperpinosa stumasy change_profile_image.php unrestricted upload",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/368255"
},
{
"name": "VDB-368255 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/368255/cti"
},
{
"name": "CVE-2026-10807 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-10807"
},
{
"name": "Submit #831551 | mjperpinosa stumasy 1.0 RCE vulnerability",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/831551"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/mjperpinosa/stumasy/issues/3"
},
{
"tags": [
"product"
],
"url": "https://github.com/mjperpinosa/stumasy/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-04T07:19:55.000Z",
"value": "VulDB entry last update"
}
],
"title": "mjperpinosa stumasy change_profile_image.php unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-10807",
"datePublished": "2026-06-04T12:30:12.057Z",
"dateReserved": "2026-06-04T05:14:46.616Z",
"dateUpdated": "2026-06-04T13:48:22.393Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-10806 (GCVE-0-2026-10806)
Vulnerability from cvelistv5 – Published: 2026-06-04 12:15 – Updated: 2026-06-04 15:06
VLAI
EPSS
VEX
Title
mjperpinosa stumasy add_post.php unrestricted upload
Summary
A vulnerability was found in mjperpinosa stumasy. The affected element is an unknown function of the file application/PHP/objects/updates/add_post.php. Performing a manipulation of the argument up_file_to_post results in unrestricted upload. The attack may be initiated remotely. The exploit has been made public and could be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
6 references
| URL | Tags |
|---|---|
| https://vuldb.com/vuln/368254 | vdb-entrytechnical-description |
| https://vuldb.com/vuln/368254/cti | signaturepermissions-required |
| https://vuldb.com/cve/CVE-2026-10806 | third-party-advisory |
| https://vuldb.com/submit/831510 | third-party-advisory |
| https://github.com/mjperpinosa/stumasy/issues/1 | exploitissue-tracking |
| https://github.com/mjperpinosa/stumasy/ | product |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| mjperpinosa | stumasy |
Affected:
25d695901fbb586bf184b8ba73456d8e5311656c
Affected: 79c86fce86a09adc6edcbd6d56115fbff14ed538 Affected: 327d1b0f2915ba79d7ef8ebb74553e987609d9be cpe:2.3:a:mjperpinosa:stumasy:*:*:*:*:*:*:*:* |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-10806",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-04T15:03:00.695671Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T15:06:43.546Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:mjperpinosa:stumasy:*:*:*:*:*:*:*:*"
],
"product": "stumasy",
"vendor": "mjperpinosa",
"versions": [
{
"status": "affected",
"version": "25d695901fbb586bf184b8ba73456d8e5311656c"
},
{
"status": "affected",
"version": "79c86fce86a09adc6edcbd6d56115fbff14ed538"
},
{
"status": "affected",
"version": "327d1b0f2915ba79d7ef8ebb74553e987609d9be"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "cnluminous (VulDB User)"
},
{
"lang": "en",
"type": "coordinator",
"value": "VulDB CNA Team"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in mjperpinosa stumasy. The affected element is an unknown function of the file application/PHP/objects/updates/add_post.php. Performing a manipulation of the argument up_file_to_post results in unrestricted upload. The attack may be initiated remotely. The exploit has been made public and could be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The project was informed of the problem early through an issue report but has not responded yet."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-04T12:15:10.177Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-368254 | mjperpinosa stumasy add_post.php unrestricted upload",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/vuln/368254"
},
{
"name": "VDB-368254 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/vuln/368254/cti"
},
{
"name": "CVE-2026-10806 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/cve/CVE-2026-10806"
},
{
"name": "Submit #831510 | mjperpinosa stumasy 1.0 RCE vulnerability",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/submit/831510"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/mjperpinosa/stumasy/issues/1"
},
{
"tags": [
"product"
],
"url": "https://github.com/mjperpinosa/stumasy/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-06-04T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-06-04T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-06-04T07:19:48.000Z",
"value": "VulDB entry last update"
}
],
"title": "mjperpinosa stumasy add_post.php unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-10806",
"datePublished": "2026-06-04T12:15:10.177Z",
"dateReserved": "2026-06-04T05:14:43.960Z",
"dateUpdated": "2026-06-04T15:06:43.546Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}