CVE-2026-4234 | SSCMS 7.4.0 DDL SitesAddController.Submit.cs tableHandWrite sql injection

A vulnerability categorized as critical has been discovered in SSCMS 7.4.0. This vulnerability affects unknown code of the file SitesAddController.Submit.cs of the component DDL Handler. The manipulation of the argument tableHandWrite results in sql injection.

This vulnerability is identified as CVE-2026-4234. The attack can be executed remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More