Is CVE-2026-56124 being exploited?

No public exploit is currently tracked.

How severe is CVE-2026-56124?

CVE-2026-56124 has a CVSS v3 severity of HIGH (7.5).

Back

CVE-2026-56124

Description

phpUploader before 2.0.2 contains an unauthenticated information disclosure vulnerability that allows remote attackers to access the full contents of the uploaded-files database table by visiting any page of the application. The index model executes an unbounded SELECT query and embeds the complete JSON-encoded result set in an inline script block, exposing uploader IP addresses, Argon2ID key hashes, internal filenames, and SHA-256 fingerprints.