PatchSiren cyber security CVE debrief
CVE-2026-11453 Tiobon CVE debrief
A SQL injection vulnerability was found in Tiobon Employee Self-Service System up to version 7.2. It affects unknown functionality in the file /Blog/BlogSearch.aspx of the Login Endpoint. Manipulating the Keyword argument results in SQL injection. The attack can be launched remotely. An exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
- Vendor: Tiobon
- Product: Employee Self-Service System
- CVSS: LOW 2.1
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-07
- Original CVE updated: 2026-06-08
- Advisory published: 2026-06-07
- Advisory updated: 2026-06-08
Who should care
Users of Tiobon Employee Self-Service System up to version 7.2
Technical summary
The vulnerability has a CVSS score of 2.1 and a CVSS severity of LOW. It is classified as CWE-74 and CWE-89.
Defensive priority
Low
Recommended defensive actions
- Update Tiobon Employee Self-Service System to a version that is not vulnerable
- Implement input validation and sanitization for user input
- Use prepared statements to prevent SQL injection
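The last two actions, sketched for a keyword search like the one this CVE concerns. This is an added example, not Tiobon's code: the product's real query is not published, so the `blog_posts` table, the function names and the SQLite in-memory database are all assumptions standing in for the ASP.NET back end.

```python
import sqlite3

def make_db():
    """Constructed sample data; table and column names are assumptions."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE blog_posts "
               "(id INTEGER PRIMARY KEY, title TEXT, hidden INTEGER)")
    db.executemany(
        "INSERT INTO blog_posts (title, hidden) VALUES (?, ?)",
        [("Holiday schedule", 0), ("100% remote policy", 0), ("Payroll draft", 1)],
    )
    return db

def search_concatenated(db, keyword):
    """Weak pattern (CWE-89): the keyword becomes part of the SQL text."""
    sql = ("SELECT title FROM blog_posts WHERE hidden = 0 "
           "AND title LIKE '%" + keyword + "%' ORDER BY id")
    return [row[0] for row in db.execute(sql)]

def escape_like(keyword, esc="\\"):
    """Make LIKE wildcards in the keyword literal, so '%' matches only '%'."""
    for ch in (esc, "%", "_"):
        keyword = keyword.replace(ch, esc + ch)
    return keyword

def search_parameterized(db, keyword, max_len=100):
    """Hardened pattern: validate type and length, then bind the keyword."""
    if not isinstance(keyword, str) or len(keyword) > max_len:
        raise ValueError("invalid keyword")
    sql = ("SELECT title FROM blog_posts WHERE hidden = 0 "
           "AND title LIKE ? ESCAPE '\\' ORDER BY id")
    pattern = "%" + escape_like(keyword) + "%"
    return [row[0] for row in db.execute(sql, (pattern,))]

def keyword_changes_query(db, keyword):
    """True when concatenation fails or returns different rows than binding."""
    try:
        return search_concatenated(db, keyword) != search_parameterized(db, keyword)
    except sqlite3.Error:
        return True
```

A keyword containing an apostrophe, such as `O'Brien`, is enough to show the difference: the concatenated form raises a syntax error because the input has altered the statement, while the bound form treats it as data and returns no rows.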
Evidence notes
The vulnerability was found in the /Blog/BlogSearch.aspx file of the Login Endpoint. The exploit has been made public and could be used.
Official resources
CVE-2026-11453 was published on 2026-06-07T04:16:30.147Z and modified on 2026-06-08T14:57:14.757Z.