CVE-2026-5577: SQL Injection in Song-Li cross_browser
Platform: python
Component: song-li-cross_browser
CVE-2026-5577 is a SQL injection vulnerability in the Song-Li cross_browser software, in the Endpoint component of the file flask/uniquemachine_app.py. Successful exploitation could allow an attacker to manipulate database queries, potentially leading to unauthorized data access or modification. The vulnerability affects versions up to ca690f0fe6954fd9bcda36d071b68ed8682a786a, and as of the publication date no official patch has been released.
How to fix
Update the Song-Li cross_browser application to a fixed version. Because the project is a rolling release and the vendor has not responded, review the source code and apply security patches to prevent SQL injection in the 'details' endpoint. Implement input validation and sanitization to prevent malicious manipulation of the arguments.
Frequently asked questions
What is CVE-2026-5577?
CVE-2026-5577 is a SQL Injection vulnerability in Song-Li cross_browser. It allows attackers to inject malicious SQL code through the ID argument, potentially compromising the database.
Am I affected by CVE-2026-5577?
If you are using Song-Li cross_browser versions up to ca690f0fe6954fd9bcda36d071b68ed8682a786a, you are potentially affected by this vulnerability. Due to the rolling release model, specific affected versions are unavailable.
How can I fix or mitigate CVE-2026-5577?
No official patch is currently available. Mitigation strategies may include input validation, parameterized queries, and restricting database access. Contacting the vendor is recommended, although they have not responded to initial disclosure.
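The mitigations named above (input validation plus parameterized queries) can be seen side by side in the following added example, which is not code from the cross_browser project. The `features` table, the function names and the use of `sqlite3` are assumptions made for illustration; the project's actual query code and schema are not shown on this page.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE features (id INTEGER PRIMARY KEY, agent TEXT)")
    db.executemany("INSERT INTO features VALUES (?, ?)",
                   [(1, "browser-a"), (2, "browser-b"), (3, "browser-c")])
    return db

def details_unsafe(db, raw_id):
    # Anti-pattern: the request argument is concatenated into the SQL text,
    # so its content is parsed as SQL instead of being treated as a value.
    query = "SELECT id, agent FROM features WHERE id = " + raw_id
    return db.execute(query).fetchall()

def parse_id(raw_id):
    # Allow-list validation: ASCII decimal digits only, bounded length.
    if not (isinstance(raw_id, str) and raw_id.isascii()
            and raw_id.isdigit() and len(raw_id) <= 18):
        raise ValueError("ID must be a decimal integer")
    return int(raw_id)

def details_safe(db, raw_id):
    # Validate first, then bind the value as a parameter so the driver
    # never interprets it as part of the statement.
    record_id = parse_id(raw_id)
    return db.execute("SELECT id, agent FROM features WHERE id = ?",
                      (record_id,)).fetchall()

def details_handler(db, raw_id):
    # Shape of an endpoint wrapper: malformed IDs become a 400 response
    # and unknown IDs a 404, without echoing database errors to the client.
    try:
        rows = details_safe(db, raw_id)
    except ValueError:
        return 400, []
    return (200, rows) if rows else (404, [])
```

Binding the parameter is the control that removes the injection; the validation step is defence in depth and gives the client a clean error instead of a database exception.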