CRITICAL
eMagicOne
CVE published 2026-05-25
CVE-2026-42773
A critical blind SQL injection vulnerability exists in eMagicOne Store Manager, affecting versions up to and including 1.3.2. The vulnerability stems from improper neutralization of special elements in SQL commands (CWE-89), allowing attackers to execute arbitrary SQL queries without authentication. The CVSS 3.1 score of 9.3 reflects network attack vector, low attack complexity, no privileges required, no [truncated]