A vulnerability was found in Tiobon Employee Self-Service System up to 7.2. Affected by this vulnerability is an unknown functionality of the file /Blog/BlogSearch.aspx of the component Login Endpoint. The manipulation of the argument Keyword results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
PUBLISHED5.2ApplicationCWE-89CWE-74
Tiobon Employee Self-Service System Login Endpoint BlogSearch.aspx sql injection
Problem type
Affected products
Tiobon
Employee Self-Service System
7.0 - AFFECTED
7.1 - AFFECTED
7.2 - AFFECTED
References
VDB-369073 | Tiobon Employee Self-Service System Login Endpoint BlogSearch.aspx sql injection
https://vuldb.com/vuln/369073
VDB-369073 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/369073/cti
CVE-2026-11453 | CVE Analysis and Report
https://vuldb.com/cve/CVE-2026-11453
Submit #826640 | Tiobon Employee Self-Service (ESS) system ≤ 7.2 SQL Injection
https://vuldb.com/submit/826640
drive.google.com
https://drive.google.com/file/d/1kRvYG4Mi2kDtPv1HpY_86KiMcWGqGMnl/view?usp=drive_link
GitHub Security Advisories
GHSA-44h7-ppq3-383m
A vulnerability was found in Tiobon Employee Self-Service System up to 7.2. Affected by this...
https://github.com/advisories/GHSA-44h7-ppq3-383mA vulnerability was found in Tiobon Employee Self-Service System up to 7.2. Affected by this vulnerability is an unknown functionality of the file /Blog/BlogSearch.aspx of the component Login Endpoint. The manipulation of the argument Keyword results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
nvd.nist.gov
https://nvd.nist.gov/vuln/detail/CVE-2026-11453
drive.google.com
https://drive.google.com/file/d/1kRvYG4Mi2kDtPv1HpY_86KiMcWGqGMnl/view?usp=drive_link
vuldb.com
https://vuldb.com/cve/CVE-2026-11453
vuldb.com
https://vuldb.com/submit/826640
vuldb.com
https://vuldb.com/vuln/369073
vuldb.com
https://vuldb.com/vuln/369073/cti
github.com
https://github.com/advisories/GHSA-44h7-ppq3-383m
JSON source
https://cveawg.mitre.org/api/cve/CVE-2026-11453Click to expand
{
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"cveMetadata": {
"cveId": "CVE-2026-11453",
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"dateUpdated": "2026-06-07T03:45:07.431Z",
"dateReserved": "2026-06-06T10:40:55.158Z",
"datePublished": "2026-06-07T03:45:07.431Z",
"state": "PUBLISHED"
},
"containers": {
"cna": {
"providerMetadata": {
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB",
"dateUpdated": "2026-06-07T03:45:07.431Z"
},
"title": "Tiobon Employee Self-Service System Login Endpoint BlogSearch.aspx sql injection",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tiobon Employee Self-Service System up to 7.2. Affected by this vulnerability is an unknown functionality of the file /Blog/BlogSearch.aspx of the component Login Endpoint. The manipulation of the argument Keyword results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"affected": [
{
"vendor": "Tiobon",
"product": "Employee Self-Service System",
"cpes": [
"cpe:2.3:a:tiobon:employee_self-service_system:*:*:*:*:*:*:*:*"
],
"modules": [
"Login Endpoint"
],
"versions": [
{
"version": "7.0",
"status": "affected"
},
{
"version": "7.1",
"status": "affected"
},
{
"version": "7.2",
"status": "affected"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"lang": "en",
"description": "SQL Injection",
"cweId": "CWE-89",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"lang": "en",
"description": "Injection",
"cweId": "CWE-74",
"type": "CWE"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/vuln/369073",
"name": "VDB-369073 | Tiobon Employee Self-Service System Login Endpoint BlogSearch.aspx sql injection",
"tags": [
"vdb-entry",
"technical-description"
]
},
{
"url": "https://vuldb.com/vuln/369073/cti",
"name": "VDB-369073 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
]
},
{
"url": "https://vuldb.com/cve/CVE-2026-11453",
"name": "CVE-2026-11453 | CVE Analysis and Report",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://vuldb.com/submit/826640",
"name": "Submit #826640 | Tiobon Employee Self-Service (ESS) system ≤ 7.2 SQL Injection",
"tags": [
"third-party-advisory"
]
},
{
"url": "https://drive.google.com/file/d/1kRvYG4Mi2kDtPv1HpY_86KiMcWGqGMnl/view?usp=drive_link",
"tags": [
"exploit"
]
}
],
"metrics": [
{},
{
"cvssV3_1": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
}
},
{
"cvssV3_0": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
}
},
{
"cvssV2_0": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"baseScore": 6.5
}
}
],
"timeline": [
{
"time": "2026-06-06T00:00:00.000Z",
"lang": "en",
"value": "Advisory disclosed"
},
{
"time": "2026-06-06T02:00:00.000Z",
"lang": "en",
"value": "VulDB entry created"
},
{
"time": "2026-06-06T12:46:00.000Z",
"lang": "en",
"value": "VulDB entry last update"
}
],
"credits": [
{
"lang": "en",
"value": "ox882 (VulDB User)",
"type": "reporter"
},
{
"lang": "en",
"value": "VulDB CNA Team",
"type": "coordinator"
}
]
}
}
}