CVE-2026-42475 PUBLISHED

SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted on array to the joinOn function in BuildHelper.php.

• https://github.com/mix-php/mix
• https://github.com/mix-php/mix/blob/v2.2.17/src/database/src/Helper/BuildHelper.php
• https://gist.github.com/sgInnora/fa46386840fe978a30d7e53c458f2975

• n/a text