CVE-2026-58492 - grav-plugin-database: SQL Injection in PDO::tableExists() due to Unsanitized Table Name Interpolation
CVE ID :CVE-2026-58492 Published : July 10, 2026, 5:17 p.m. | 1 hour, 15 minutes ago Description :grav-plugin-database is the database plugin for Grav CMS. Prior to 1.2.0, the PDO::tableExists method interpolates its table argument directly into a raw SQL query string without sanitization,...