CVE-2026-8734 | Oinone Pamirs up to 7.2.0 queryListByWrapper Interface RSQLToSQLNodeConnector.makeVariable sql injection

A vulnerability classified as critical has been found in Oinone Pamirs up to 7.2.0. Affected by this issue is the function RSQLToSQLNodeConnector.makeVariable of the component queryListByWrapper Interface. This manipulation causes sql injection.

This vulnerability is handled as CVE-2026-8734. The attack can be initiated remotely. Additionally, an exploit exists.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More