SQL Injection in Crm Sistemas De Fidelización Megacms

CVE-2026-3325

SQL injection (SQLi) in MegaCMS v12.0.0, specifically in the “id_territorio” parameter of the “/web_comunications/cms/get_provincias” endpoint. The vulnerability arises from inadequate validation and sanitisation of user input. Specificall…

Vulnerability class: SQL Injection

EPSS: 0.001 (19.7th percentile) — read the EPSS interpretation.