CVE-2026-44886

Sažetak

Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. From 2024-06-29 to before 2026-05-07, the web application endpoint is vulnerable to SQL injection. The /pialert/php/server/devices.php route accepts requests from unauthenticated users when the action URL parameter is set to getDevicesTotals. The scansource URL parameter is then injected in a SQL query. This vulnerability is fixed in 2026-05-07.

Reference

https://github.com/leiweibau/Pi.Alert/security/advisories/GHSA-m929-j7w8-334j
https://github.com/leiweibau/Pi.Alert/security/advisories/GHSA-m929-j7w8-334j

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

29-05-2026 - 15:29

Objavljeno

27-05-2026 - 20:16