CVE-2026-42425 | OpenKM Community Edition/Professional Edition up to 6.3.12 /admin/DatabaseQuery qs sql injection (Exploit 52520)

A vulnerability was found in OpenKM Community Edition and Professional Edition up to 6.3.12 and classified as critical. Impacted is an unknown function of the file /admin/DatabaseQuery. Executing a manipulation of the argument qs can lead to sql injection.

This vulnerability is handled as CVE-2026-42425. The attack can be executed remotely. Additionally, an exploit exists.VulDB Recent EntriesRead More