SQL Injection in T-systems Buroweb
CVE-2026-1432
SQL injection vulnerability in the Buroweb platform version 2505.0.12, specifically in the 'tablon' component. This vulnerability is present in several parameters that do not correctly sanitize user input in the endpoint '/sta/CarpetaPubli…
Vulnerability class: SQL Injection
EPSS: 0.003 (23.2th percentile) — read the EPSS interpretation.
Affected products
- T-systems Buroweb — versions 0
Weakness classification (CWE)
References
- cve-coordination@incibe.es (patch)