CVE-2026-49491 – Pixa Bank 2.0 SQL Injection via agence-ajax.php API

CVE ID :CVE-2026-49491

Published : June 1, 2026, 10:16 p.m. | 16 minutes ago

Description :Pixa Bank 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract sensitive data by injecting SQL code into the ‘rib’ parameter. Attackers can send POST requests to the agence-ajax.php endpoint with UNION-based SQL payloads to retrieve user information including names, email addresses, and phone numbers from the database.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-25879 – Langroid has Prompt to SQL Injection, Leading to RCE

CVE-2026-28511 – elabftw has entry title leakage through autocompletion search

CVE-2026-40965 – Cloud Foundry UAA EC Private Key Exposure

CVE-2026-40964 – Cloud Foundry cf-auth-proxy Authentication Bypass