A vulnerability classified as critical has been found in damasac thaipalliative_lte up to 3.0 . This affects an unknown part of the file /substudy/ezform.php . Performing a manipulation of the argument idFormMain results in sql injection. This vulnerability was named CVE-2026-38581 . The attack may be initiated remotely. There is no available exploit.