MEDIUM
xianrendzw
CVE published 2026-05-26
CVE-2026-9524
A SQL injection vulnerability exists in xianrendzw EasyReport up to version 2.0.17.0522_Beta. The vulnerability resides in the `execute` function of a REST endpoint component, where improper sanitization of the `reportParams` argument allows remote attackers to inject malicious SQL commands. The vulnerability has a CVSS 4.0 base score of 5.3 (MEDIUM severity) with network attack vector, low attack complex [truncated]