[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"public-cve-CVE-2026-38581":3,"news-by-cve-CVE-2026-38581-10":38},{"state":4,"cvss_version":5,"exploit_count":6,"attack_technique_count":6,"affected_product_count":7,"weaknesses":8,"sources":9,"id":12,"source_identifier":13,"assigner_short_name":14,"date_published":15,"cvss_severity":16,"nvd_cvss_vector":14,"kev_ransomware_use":17,"description":18,"sectors":19,"attack_tactics":20,"has_nuclei_templates":17,"date_updated":21,"nvd_cvss_severity":14,"has_workaround":17,"reference_count":22,"tags":23,"remediation_summary":24,"title":25,"assigner_org":14,"cvss_vector":26,"has_ai_summary":17,"in_kev":17,"nuclei_template_count":6,"affected_products_preview":27,"vendor_context":30,"has_solution":17,"attack_techniques":31,"references_preview":32,"has_attack_graph":17,"cvss_score":37,"cvss_source":10,"has_exploit":17},"PUBLISHED","3.1",0,1,[],[10,11],"cvelist","nvd","CVE-2026-38581","8254265b-2729-46b6-b9e3-3dfca2d5bfca","","2026-06-11T00:00:00Z","CRITICAL",false,"SQL Injection vulnerability in damasac thaipalliative_lte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php (line 14) and the id parameter (line 49). The parameters are concatenated directly into SQL queries without sanitization or parameterized statements.",[],[],"2026-06-11T15:34:16Z",2,[],{"has_patch":17,"has_workaround":17},"SQL Injection vulnerability in damasac thaipalliative_lte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php (line 14...","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[28],{"vendor":29,"product":29},"n/a",[],[],[33,35],{"url":34,"source":10},"https://github.com/damasac/thaipalliative_lte/blob/57b57630fb403eba524533062ef5244e9b7c4380/substudy/ezform.php#L14",{"url":36,"source":10},"https://github.com/theemperorspath/advisories/blob/main/2026/CVE-2026-38581.md",9.8,{"cve_id":12,"items":39,"total":6},[]]