Vendor
A critical SQL injection vulnerability (CVE-2026-15489) exists in RafyMrX TOKO-ONLINE-ROTI, allowing remote attackers to bypass authentication and potentially exfiltrate sensitive data by manipulating the 'Username' argument in the 'proses/login.php' file, with a public exploit available.