PatchSiren cyber security CVE debrief
CVE-2026-40766 StylemixThemes CVE debrief
A Subscriber SQL Injection vulnerability was discovered in MasterStudy LMS versions up to 3.7.25. This vulnerability allows attackers to inject malicious SQL code, potentially leading to unauthorized data access or modification. The CVSS score for this vulnerability is 8.5, indicating HIGH severity. The vulnerability was published on 2026-06-15 and last modified on 2026-06-15.
- Vendor: StylemixThemes
- Product: MasterStudy LMS
- CVSS: HIGH 8.5
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-15
- Original CVE updated: 2026-06-15
- Advisory published: 2026-06-15
- Advisory updated: 2026-06-15
Who should care
Users of MasterStudy LMS versions up to 3.7.25 should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability is a SQL Injection issue, which occurs when user input is not properly sanitized, allowing attackers to inject malicious SQL code. In this case, the vulnerability affects subscribers in MasterStudy LMS versions up to 3.7.25.
Defensive priority
HIGH
Recommended defensive actions
- Update MasterStudy LMS to a version that is not vulnerable (if available).
- Implement input validation and sanitization to prevent SQL injection attacks.
- Monitor your installation for suspicious activity.
Evidence notes
Evidence for this CVE comes from Patchstack, as indicated by [ref-4].
Official resources
- CVE-2026-40766 CVE record (CVE.org)
- CVE-2026-40766 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference
CVE-2026-40766 was published on 2026-06-15T21:16:49.237Z and last modified on 2026-06-15T21:24:32.790Z.