CVE-2026-42474: MixPHP Framework has an SQL injection vulnerability via crafted `data` array

May 1, 2026 (updated May 7, 2026)

SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted data array to the data function in BuildHelper.php.

References

gist.github.com/sgInnora/fa46386840fe978a30d7e53c458f2975
github.com/advisories/GHSA-q57j-rwwx-7rwp
github.com/mix-php/mix
github.com/mix-php/mix/blob/v2.2.17/src/database/src/Helper/BuildHelper.php
nvd.nist.gov/vuln/detail/CVE-2026-42474

Code Behaviors & Features

Detect and mitigate CVE-2026-42474 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →