Phpscript-sgh 0.1.0 - Time Based Blind SQL Injection Severity: HIGH Date: January 27, 2026 Version: Phpscript-sgh 0.1.0 Vulnerability Type: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') CVSS V4 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N References: - ExploitDB-49192 - Vendor Homepage Credit: KeopssGroup0day, Inc Description Phpscript-sgh 0.1.0 contains a time-based blind SQL injection vulnerability in the admin interface that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit this vulnerability by crafting malicious payloads that trigger time delays, enabling them to extract sensitive database information through conditional sleep techniques.