CVE-2026-38581

AI Predicted 9.8 Difficulty: Easy EPSS 0.33% · P25 Updated Jun 13, 2026

Possible ATT&CK Techniques 3AI

T1005 · Data from Local System T1059 · Command and Scripting Interpreter T1190 · Exploit Public-Facing Application

Affected Version Matrix 1

Vendor	Product	Version Range	Status
n/a	n/a	`n/a`	affected

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-38581

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

SQL Injection vulnerability in damasac thaipalliative_lte through version 3.0 allows remote attackers to execute arbitrary SQL commands via the idFormMain parameter to /substudy/ezform.php (line 14) and the id parameter (line 49). The parameters are concatenated directly into SQL queries without sanitization or parameterized statements.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

Thai Palliative SQL注入漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Thai Palliative是DAMASAC KKU开源的一个PHP框架修改版工具。 Thai Palliative 3.0版本及之前版本存在SQL注入漏洞，该漏洞源于对idFormMain参数和id参数未进行清理或参数化处理，可能导致远程攻击者执行任意SQL命令。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2026-38581

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-38581

请登录查看更多情报信息。

Vendor Advisories for CVE-2026-38581 (1)

🔗 advisories/2026/CVE-2026-38581.md at main · theemperorspath/advisories · GitHub Read full article

Proof of Concept for CVE-2026-38581 (1)

🔗 thaipalliative_lte/substudy/ezform.php at 57b57630fb403eba524533062ef5244e9b7c4380 · damasac/thaipalliative_lte · GitHub Read full article

https://nvd.nist.gov/vuln/detail/CVE-2026-38581

IV. Related Vulnerabilities

Same product: n/a

Same vendor: n/a

V. Comments for CVE-2026-38581

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-38581

Possible ATT&CK Techniques 3AI

Affected Version Matrix 1

I. Basic Information for CVE-2026-38581

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-38581

III. Intelligence Information for CVE-2026-38581

Vendor Advisories for CVE-2026-38581 (1)

Proof of Concept for CVE-2026-38581 (1)

IV. Related Vulnerabilities

V. Comments for CVE-2026-38581

Leave a comment