What is CVE-2026-4234?

CVE-2026-4234 is a medium-severity vulnerability in Sscms, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). CVSS score: 6.3/10. Published 2026-03-16.

How severe is CVE-2026-4234?

Medium severity. CVSS v3 base score is 6.3 out of 10.

SQL Injection in Sscms

CVE-2026-4234

A security flaw has been discovered in SSCMS 7.4.0. This vulnerability affects unknown code of the file SitesAddController.Submit.cs of the component DDL Handler. The manipulation of the argument tableHandWrite results in sql injection. Th…

EPSS: 0.000 (12.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L.

Affected products

N/a Sscms — versions 7.4.0

Weakness classification (CWE)

References

VDB-351157 | SSCMS DDL SitesAddController.Submit.cs sql injection (technical-description, vdb-entry)
VDB-351157 | CTI Indicators (IOB, IOC, TTP, IOA) (signature, permissions-required)
Submit #771238 | SSCMS V7.4.0 DDL Injection (third-party-advisory)
cna@vuldb.com (exploit)

Frequently asked questions

What is CVE-2026-4234?: CVE-2026-4234 is a medium-severity vulnerability in Sscms, classified under Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection). CVSS score: 6.3/10. Published 2026-03-16.
How severe is CVE-2026-4234?: Medium severity. CVSS v3 base score is 6.3 out of 10.