CVE-2026-49491 – Pixa Bank 2.0 SQL Injection via agence-ajax.php API

CVE ID :CVE-2026-49491

Published : June 1, 2026, 10:16 p.m. | 16 minutes ago

Description :Pixa Bank 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract sensitive data by injecting SQL code into the ‘rib’ parameter. Attackers can send POST requests to the agence-ajax.php endpoint with UNION-based SQL payloads to retrieve user information including names, email addresses, and phone numbers from the database.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-9050 – Slider Revolution 6.0.0-6.7.55 and 7.0.0-7.0.14 – Missing Authorization to Authenticated (Contributor+) Arbitrary Plugin Deactivation

CVE-2026-9048 – Slider Revolution 7.0.0 – 7.0.14 – Incorrect Authorization to Authenticated (Contributor+) Sensitive Information Exposure

CVE-2026-10528 – Orthanc DICOM Server DCMTK FromDcmtkBridge.cpp read stack-based overflow

CVE-2026-10514 – 1Panel-dev CordysCRM RequestParamTrimConfig.java cross site scripting