[HIGH] CraftCMS's `ElementSearchController` Affected by Blind SQL Injection

PKSA-2bdn-bpjn-j9q4 CVE-2026-31858 GHSA-g7j6-fmwx-7vp8

Affected package: craftcms/cms

Affected version: >=5.0.0-RC1,<=5.9.8

Reported by:
GitHub