CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-34455

Hi.Events is an open-source event management and ticket selling platform. From version 0.8.0-beta.1 to before version 1.7.1-beta, multiple repository classes pass the user-supplied sort_by query parameter directly to Eloquent's orderBy() without validation, enabling SQL injection. The application uses PostgreSQL which supports stacked queries. This issue has been patched in version 1.7.1-beta.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 12.0%

CVSS Severity

CVSS v3 Score 8.8

References

Products affected by CVE-2026-34455

Hi.events » Hi.events » Version: 0.8.0

cpe:2.3:a:hi.events:hi.events:0.8.0
Hi.events » Hi.events » Version: 1.0.0

cpe:2.3:a:hi.events:hi.events:1.0.0
Hi.events » Hi.events » Version: 1.1.0

cpe:2.3:a:hi.events:hi.events:1.1.0
Hi.events » Hi.events » Version: 1.2.0

cpe:2.3:a:hi.events:hi.events:1.2.0
Hi.events » Hi.events » Version: 1.3.0

cpe:2.3:a:hi.events:hi.events:1.3.0
Hi.events » Hi.events » Version: 1.4.0

cpe:2.3:a:hi.events:hi.events:1.4.0
Hi.events » Hi.events » Version: 1.5.0

cpe:2.3:a:hi.events:hi.events:1.5.0
Hi.events » Hi.events » Version: 1.5.1

cpe:2.3:a:hi.events:hi.events:1.5.1
Hi.events » Hi.events » Version: 1.6.0

cpe:2.3:a:hi.events:hi.events:1.6.0
Hi.events » Hi.events » Version: 1.7.0

cpe:2.3:a:hi.events:hi.events:1.7.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-34455

Products

Pricing

Contact Us