Directorist Booking SQL Injection Flaw Exposes Critical Data
The National Vulnerability Database has identified CVE-2026-22336, a critical SQL injection vulnerability impacting Directorist Booking plugin versions prior to 3.0.2. This flaw, rated CVSS 9.3, allows unauthenticated attackers to execute arbitrary SQL commands because user-supplied input reaches the plugin's SQL queries without neutralization of special elements (CWE-89). The lack of input sanitization means attackers can potentially exfiltrate sensitive data or tamper with the booking system's integrity.
This vulnerability presents a significant risk for any organization relying on the Directorist Booking plugin. It can be exploited remotely without any privileges, and the attacker's objective is straightforward: unauthorized access to booking details and customer information, or disruption of the booking service. Defenders should treat patching as an immediate priority to prevent data breaches and service disruptions.
What This Means For You
- If your organization uses the Directorist Booking plugin, verify your version is 3.0.2 or later. If not, patch immediately and audit database logs for any suspicious SQL query patterns or unauthorized access attempts.
🛡️ Detection Rules
CVE-2026-22336 - Directorist Booking SQL Injection Attempt
```yaml
title: CVE-2026-22336 - Directorist Booking SQL Injection Attempt
id: scw-2026-04-27-ai-1
status: experimental
level: critical
description: |
  Detects SQL injection attempts targeting the Directorist Booking plugin by looking for common SQL injection payloads within the URI query string. This is the primary vulnerability described in CVE-2026-22336.
author: SCW Feed Engine (AI-generated)
date: 2026-04-27
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-22336/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
  category: webserver
detection:
  selection:
    cs-uri-query|contains:
      - "' OR 1=1 --"
      - "UNION SELECT"
      - "information_schema.tables"
  condition: selection
falsepositives:
  - Legitimate administrative activity
```
Source: Shimi's Cyber World
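To see what the rule's selection actually matches, here is an added Python example (not part of the page or the rule feed) that applies the three `cs-uri-query|contains` patterns to constructed W3C-style web server log lines; the `/booking/` path and `booking_id` parameter in the sample lines are placeholders, not the plugin's real names. It also shows two things the YAML alone does not: Sigma string matching is case-insensitive by default, and the rule inspects the query string as logged, so a percent-encoded payload is only caught if the log pipeline decodes the field first.

```python
from urllib.parse import unquote_plus

# The three substrings from the rule's `cs-uri-query|contains` selection.
SIGMA_PATTERNS = ["' OR 1=1 --", "UNION SELECT", "information_schema.tables"]

# Constructed W3C-style access log: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status.
# The /booking/ path and booking_id parameter are placeholders, not the plugin's real names.
SAMPLE_LOG = """\
2026-04-27 14:20:01 203.0.113.10 GET /booking/ booking_id=5 200
2026-04-27 14:20:05 203.0.113.10 GET /booking/ booking_id=5'%20OR%201%3D1%20-- 200
2026-04-27 14:20:09 198.51.100.7 GET /booking/ booking_id=5%20union%20select%201,2,3 500
2026-04-27 14:21:00 192.0.2.44 GET /search/ s=union+workshop+select+venue 200
"""

def parse_w3c(line):
    """Split one space-delimited W3C log line into the fields the rule needs."""
    fields = line.split()
    if len(fields) < 7:
        return None
    return {"c-ip": fields[2], "cs-uri-stem": fields[4],
            "cs-uri-query": fields[5], "sc-status": fields[6]}

def matches_selection(query, decode=True):
    """Return the rule patterns found in the query string.

    Sigma's `contains` is case-insensitive by default, so both sides are
    lower-cased. Sigma itself does not URL-decode the field; decode=True
    models a log pipeline that stores the decoded query string.
    """
    text = unquote_plus(query) if decode else query
    text = text.lower()
    return [p for p in SIGMA_PATTERNS if p.lower() in text]

def detect(log_text, decode=True):
    """Apply the rule's selection to every line; return (c-ip, stem, patterns) per hit."""
    hits = []
    for line in log_text.splitlines():
        record = parse_w3c(line)
        if record is None:
            continue
        matched = matches_selection(record["cs-uri-query"], decode)
        if matched:
            hits.append((record["c-ip"], record["cs-uri-stem"], matched))
    return hits

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))                # decoded field: two hits
    print(detect(SAMPLE_LOG, decode=False))  # raw field: encoded payloads are missed
```

The fourth sample line shows why the rule lists the payload fragments verbatim: "union" and "select" appearing separately in an ordinary search query do not trigger it.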
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-22336 | SQLi | Directorist Booking plugin versions prior to 3.0.2 |
| CVE-2026-22336 | SQLi | CWE-89 |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 27, 2026 at 14:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.