SQL Injection in T-systems Buroweb

CVE-2026-1432

SQL injection vulnerability in the Buroweb platform version 2505.0.12, specifically in the 'tablon' component. This vulnerability is present in several parameters that do not correctly sanitize user input in the endpoint '/sta/CarpetaPubli…

Vulnerability class: SQL Injection

EPSS: 0.003 (23.2th percentile) — read the EPSS interpretation.

Affected products

Weakness classification (CWE)

References