CVE-2026-8133

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions zyx0814 FilePress versions prior to 2.2.1

Description An issue exists in the Shares Filelist API within the file 'dzz/shares/admin.php'. Manipulation of the argument order allows a remote attacker to perform SQL injection, which is a technique where malicious SQL statements are inserted into entry fields for execution to manipulate a database.

Recommendations Apply patch e20ec58414103f781858f2951d178e19b1736664 to remediate the issue.

Exploit

Fix

SQL injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89CWE-74

Related Identifiers

CVE-2026-8133

Affected Products

Filepress

CVE-2026-8133

Weakness Enumeration

Related Identifiers

Affected Products

References · 13