Pixa Bank SQL Injection Vulnerability

Vulnerability

An SQL injection vulnerability has been identified in Pixa Bank version 2.0. Unauthenticated attackers can inject SQL code into the 'rib' parameter and extract sensitive user data such as names, email addresses, and phone numbers from the database. Exploitation consists of sending POST requests with UNION-based SQL payloads to the 'agence-ajax.php' endpoint.

Impact

Exploitation of this vulnerability allows for unauthorized access to sensitive user information stored in the database, including names, email addresses, and phone numbers.

Reproduction

The vulnerability can be reproduced by sending a POST request to the 'agence-ajax.php' endpoint with a crafted 'rib' parameter that includes SQL injection payloads. If the injection is successful, the response will contain extracted user data.
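
A hardened shape for an endpoint that takes a 'rib' POST parameter, added here as an example; it is not Pixa Bank's code. The accounts table, its columns, the function names and the 23-character RIB format are assumptions, and the database is a constructed in-memory SQLite instance.

```php
<?php
declare(strict_types=1);

// Assumption: a RIB is 23 characters (5 bank + 5 branch + 11 account + 2 key).
const RIB_PATTERN = '/\A[0-9]{10}[0-9A-Z]{11}[0-9]{2}\z/';

// Allow-list validation: anything that is not a well-formed RIB is rejected.
function validRib(mixed $value): bool
{
    return is_string($value) && preg_match(RIB_PATTERN, $value) === 1;
}

// Hypothetical lookup: the value is bound as a parameter, never concatenated.
function findAgency(PDO $db, string $rib): array
{
    $stmt = $db->prepare('SELECT agency_name, city FROM accounts WHERE rib = :rib');
    $stmt->execute([':rib' => $rib]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Endpoint logic, returns [HTTP status, JSON body].
function handleRequest(PDO $db, array $post): array
{
    $rib = $post['rib'] ?? null;
    if (!validRib($rib)) {
        // Generic error only: no SQL or driver detail is echoed to the client.
        return [400, json_encode(['error' => 'invalid rib'])];
    }
    return [200, json_encode(findAgency($db, $rib))];
}

// Constructed schema and row so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE accounts (rib TEXT PRIMARY KEY, agency_name TEXT, city TEXT)');
$db->exec("INSERT INTO accounts VALUES ('30001000010000000000A12', 'Agency One', 'Example City')");

// Constructed inputs: one well-formed RIB, one carrying SQL syntax.
$samples = ['30001000010000000000A12', "x' UNION SELECT 1, 2 -- "];
foreach ($samples as $rib) {
    [$status, $body] = handleRequest($db, ['rib' => $rib]);
    echo $status, ' ', $body, PHP_EOL;
}

// Defense in depth: even with validation skipped, the bound value is
// compared as data, so the second sample matches no row.
var_dump(findAgency($db, $samples[1]) === []);
```

Validation and parameter binding are independent layers here: the pattern check rejects malformed input early, and the prepared statement keeps any value that does reach the query from being parsed as SQL.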

Added: Jun 1, 2026, 10:19 PM
Updated: Jun 1, 2026, 10:19 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 9.7
threat: 6.4
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.