CRITICALCVE-2026-42569Published Modified CNA GitHub_M
CVE-2026-42569: phpvms: /importer authorization bypass causing full database wipe
phpVMS is a PHP application to run and simulate an airline. Prior to version 7.0.6, a critical vulnerability in phpVMS allowed unauthenticated access to a legacy import feature. This issue has been patched in version 7.0.6.
Metrics
- CVSS v3.1
- 9.4
- Severity
- CRITICAL
- Fixed in
- —
- Affected Products
- 1
Affected packages
- phpvms / phpvms< 7.0.6
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H