CVE-2026-48249: Insecure Custom Mysql Prepare Shim
Provally Curated, Public repository, High, Medium confidence, Verified, Apache-2.0, PHP, β
greprules fetch cve-2026-48249-insecure-custom-mysql-prepare-shim --engine opengrep
Description
The code uses `mysql_prepare`, a custom database shim. In CVE-2026-48249, this shim was found to be insecure and vulnerable to SQL injection, even though it impersonates a prepared statement API. Replace it with `db_query()` using parameter arrays, or migrate to standard PDO/mysqli.