CVE-2026-2122

Medium CVSS: 5.3

A security flaw has been discovered in Xiaopi Panel up to 20260126. This impacts an unknown function of the file /demo.php of the component WAF Firewall. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

Vendor

Xiaopi

Product

Panel

CWE

CWE-74

Yayın Tarihi

2026-02-08 01:16:10

Güncelleme

2026-03-05 20:20:33

Source Identifier

cna@vuldb.com

KEV Date Added

Kategoriler

CWE-74 Panel MEDIUM Xiaopi 2026

Referanslar

https://github.com/ltranquility/CVE/issues/37 https://vuldb.com/?ctiid.344695 https://vuldb.com/?id.344695 https://vuldb.com/?submit.746917

Benzer Kayıtlar

Critical

CVE-2026-26016

Wings is the server control plane for Pterodactyl, a free, open-source game server management panel. Prior to version 1.…

Medium

CVE-2025-69198

Pterodactyl is a free, open-source game server management panel. Pterodactyl implements rate limits that are applied to…

High

CVE-2025-68954

Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below do not revoke active SFTP co…

Medium

CVE-2025-69197

Pterodactyl is a free, open-source game server management panel. Versions 1.11.11 and below allow TOTP to be used multip…