PowerJob detailPlus Endpoint InstanceController.java sql injection_CVE-2026-5736

6.9 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was identified in PowerJob 5.1.0/5.1.1/5.1.2. Impacted is an unknown function of the file powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/InstanceController.java of the component detailPlus Endpoint. The manipulation of the argument customQuery leads to sql injection. Remote exploitation of the attack is possible. The project was informed of the problem early through an issue report but has not responded yet.

Basic Information

ID CVE-2026-5736

Source VulDB

Published Apr 7, 2026 at 18:45

Modified Apr 8, 2026 at 16:15

Affected Product

Vendor n/a

Product PowerJob

Version 5.1.0

Affected Versions n/a PowerJob 5.1.0
n/a PowerJob 5.1.1
n/a PowerJob 5.1.2

CWE Classification

CWE-89 CWE-74

References

{
    "lastseen": "",
    "description": "A vulnerability was identified in PowerJob 5.1.0/5.1.1/5.1.2. Impacted is an unknown function of the file powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/InstanceController.java of the component detailPlus Endpoint. The manipulation of the argument customQuery leads to sql injection. Remote exploitation of the attack is possible. The project was informed of the problem early through an issue report but has not responded yet.",
    "published": "2026-04-07T18:45:15.491Z",
    "modified": "2026-04-08T16:15:07.755Z",
    "type": "cve",
    "title": "PowerJob detailPlus Endpoint InstanceController.java sql injection",
    "source": "VulDB",
    "references": "https://vuldb.com/vuln/355746\nhttps://vuldb.com/vuln/355746/cti\nhttps://vuldb.com/submit/786727\nhttps://github.com/PowerJob/PowerJob/issues/1167\nhttps://github.com/PowerJob/PowerJob/pull/1166\nhttps://github.com/PowerJob/PowerJob/",
    "id": "CVE-2026-5736",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89",
        "CWE-74"
    ],
    "cvelist": null,
    "sourceData": "n/a PowerJob 5.1.0\nn/a PowerJob 5.1.1\nn/a PowerJob 5.1.2",
    "sourceHref": "",
    "cvss": {
        "score": 6.9,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "PowerJob",
    "version": "5.1.0",
    "vendor": "n/a",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}