Search

Find a vulnerability

Search criteria

    2 vulnerabilities by sergomanov

    CVE-2026-15498 (GCVE-0-2026-15498)

    Vulnerability from nvd – Published: 2026-07-12 11:30 – Updated: 2026-07-12 11:30
    VLAI
    Title
    sergomanov SmartHomeAdatum Login users.php sql injection
    Summary
    A vulnerability was identified in sergomanov SmartHomeAdatum up to cf495353d81b680675eb8d9aa14a318aa45ce12c. This impacts an unknown function of the file users.php of the component Login. Such manipulation of the argument Login leads to sql injection. The attack may be launched remotely. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The vendor was contacted early about this disclosure but did not respond in any way.
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/377805 vdb-entrytechnical-description
    https://vuldb.com/vuln/377805/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-15498 third-party-advisory
    https://vuldb.com/submit/844491 third-party-advisory
    Impacted products
    Vendor Product Version
    sergomanov SmartHomeAdatum Affected: cf495353d81b680675eb8d9aa14a318aa45ce12c
        cpe:2.3:a:sergomanov:smarthomeadatum:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Dest1ny_2 (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:sergomanov:smarthomeadatum:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Login"
              ],
              "product": "SmartHomeAdatum",
              "vendor": "sergomanov",
              "versions": [
                {
                  "status": "affected",
                  "version": "cf495353d81b680675eb8d9aa14a318aa45ce12c"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Dest1ny_2 (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in sergomanov SmartHomeAdatum up to cf495353d81b680675eb8d9aa14a318aa45ce12c. This impacts an unknown function of the file users.php of the component Login. Such manipulation of the argument Login leads to sql injection. The attack may be launched remotely. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-12T11:30:07.445Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-377805 | sergomanov SmartHomeAdatum Login users.php sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/377805"
            },
            {
              "name": "VDB-377805 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/377805/cti"
            },
            {
              "name": "CVE-2026-15498 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15498"
            },
            {
              "name": "Submit #844491 | sergomanov SmartHomeAdatum latest (2026-06, no formal release) SQL Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/844491"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-11T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-11T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-11T14:41:12.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "sergomanov SmartHomeAdatum Login users.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15498",
        "datePublished": "2026-07-12T11:30:07.445Z",
        "dateReserved": "2026-07-11T12:36:09.558Z",
        "dateUpdated": "2026-07-12T11:30:07.445Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15498 (GCVE-0-2026-15498)

    Vulnerability from cvelistv5 – Published: 2026-07-12 11:30 – Updated: 2026-07-12 11:30
    VLAI
    Title
    sergomanov SmartHomeAdatum Login users.php sql injection
    Summary
    A vulnerability was identified in sergomanov SmartHomeAdatum up to cf495353d81b680675eb8d9aa14a318aa45ce12c. This impacts an unknown function of the file users.php of the component Login. Such manipulation of the argument Login leads to sql injection. The attack may be launched remotely. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The vendor was contacted early about this disclosure but did not respond in any way.
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/377805 vdb-entrytechnical-description
    https://vuldb.com/vuln/377805/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-15498 third-party-advisory
    https://vuldb.com/submit/844491 third-party-advisory
    Impacted products
    Vendor Product Version
    sergomanov SmartHomeAdatum Affected: cf495353d81b680675eb8d9aa14a318aa45ce12c
        cpe:2.3:a:sergomanov:smarthomeadatum:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Dest1ny_2 (VulDB User) VulDB CNA Team
    Show details on NVD website

    {
      "containers": {
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:sergomanov:smarthomeadatum:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Login"
              ],
              "product": "SmartHomeAdatum",
              "vendor": "sergomanov",
              "versions": [
                {
                  "status": "affected",
                  "version": "cf495353d81b680675eb8d9aa14a318aa45ce12c"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Dest1ny_2 (VulDB User)"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "VulDB CNA Team"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in sergomanov SmartHomeAdatum up to cf495353d81b680675eb8d9aa14a318aa45ce12c. This impacts an unknown function of the file users.php of the component Login. Such manipulation of the argument Login leads to sql injection. The attack may be launched remotely. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The vendor was contacted early about this disclosure but did not respond in any way."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:ND/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-12T11:30:07.445Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-377805 | sergomanov SmartHomeAdatum Login users.php sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/377805"
            },
            {
              "name": "VDB-377805 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/377805/cti"
            },
            {
              "name": "CVE-2026-15498 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15498"
            },
            {
              "name": "Submit #844491 | sergomanov SmartHomeAdatum latest (2026-06, no formal release) SQL Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/844491"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-11T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-11T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-11T14:41:12.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "sergomanov SmartHomeAdatum Login users.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15498",
        "datePublished": "2026-07-12T11:30:07.445Z",
        "dateReserved": "2026-07-11T12:36:09.558Z",
        "dateUpdated": "2026-07-12T11:30:07.445Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }