CVE-2026-2122

A security flaw has been discovered in Xiaopi Panel up to 20260126. This impacts an unknown function of the file /demo.php of the component WAF Firewall. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been released to the public...

Henan Xiaopi Panel SQL注入漏洞

Henan Xiaopi Panel is a Linux graphical interface developed by Henan Xiaopi in Henan, China. Versions of Henan Xiaopi Panel prior to 20260126 contained an SQL injection vulnerability. This vulnerability stemmed from incorrect handling of the parameter ID in the component WAF Firewall’s demo.php...

FanCMS Cross-Site Scripting Vulnerability

FanCMS is a content management system for PwnCYN individual developers. A security vulnerability exists in FanCMS version v.1.0.0. The vulnerability can be exploited to execute arbitrary code via the content1 parameter in the demo.php file...

PT-2023-30064 · Fancms · Fancms

Name of the Vulnerable Software and Affected Versions: FanCMS version 1.0.0 Description: A Cross Site Scripting issue allows an attacker to execute arbitrary code via the content1 parameter in the "demo.php" file. Recommendations: For FanCMS version 1.0.0, avoid using the content1 parameter in th...