CVE 8.8 HIGH

Pixa Bank 2.0 SQL Injection via agence-ajax.php API_CVE-2026-49491

June 1, 2026 invoker category_cve

8.8 / 10

HIGH

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N

Description

Pixa Bank 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract sensitive data by injecting SQL code into the 'rib' parameter. Attackers can send POST requests to the agence-ajax.php endpoint with UNION-based SQL payloads to retrieve user information including names, email addresses, and phone numbers from the database.

AI Analysis

SQL injection vulnerability in Pixa Bank 2.0 allowing unauthenticated attackers to extract sensitive data

Basic Information

ID CVE-2026-49491

Source VulnCheck

Published Jun 1, 2026 at 21:02

Affected Product

Vendor Pixastudio

Product Pixa Bank

Version 2.0

Affected Versions Pixastudio Pixa Bank 2.0

CWE Classification

CWE-89

AI Assessment

AI Score 8.8 / 10

AI Severity High

Vendor Pixastudio

Product Pixa Bank

Version 2.0

References

{
    "lastseen": "",
    "description": "Pixa Bank 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract sensitive data by injecting SQL code into the 'rib' parameter. Attackers can send POST requests to the agence-ajax.php endpoint with UNION-based SQL payloads to retrieve user information including names, email addresses, and phone numbers from the database.",
    "published": "2026-06-01T21:02:08.758Z",
    "modified": "2026-06-01T21:02:08.758Z",
    "type": "cve",
    "title": "Pixa Bank 2.0 SQL Injection via agence-ajax.php API",
    "source": "VulnCheck",
    "references": "https://packetstorm.news/files/id/220748/\nhttps://pixastudio.com/\nhttps://www.vulncheck.com/advisories/pixa-bank-sql-injection-via-agence-ajax-php-api",
    "id": "CVE-2026-49491",
    "bulletinFamily": "",
    "cwe": [
        "CWE-89"
    ],
    "cvelist": null,
    "sourceData": "Pixastudio Pixa Bank 2.0",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Pixa Bank",
    "version": "2.0",
    "vendor": "Pixastudio",
    "ai_description": "SQL injection vulnerability in Pixa Bank 2.0 allowing unauthenticated attackers to extract sensitive data",
    "ai_severity": "High",
    "ai_vendor": "Pixastudio",
    "ai_product": "Pixa Bank",
    "ai_version": "2.0",
    "ai_score": 8.8
}

💭 Join the Security Discussion ❌ Cancel Reply