Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Fri, 29 May 2026 16:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Leiweibau
Leiweibau pi.alert |
|
| Vendors & Products |
Leiweibau
Leiweibau pi.alert |
Thu, 28 May 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 27 May 2026 19:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. From 2024-06-29 to before 2026-05-07, the web application endpoint is vulnerable to SQL injection. The /pialert/php/server/devices.php route accepts requests from unauthenticated users when the action URL parameter is set to getDevicesTotals. The scansource URL parameter is then injected in a SQL query. This vulnerability is fixed in 2026-05-07. | |
| Title | Pi.Alert: Web Interface Vulnerable to Unauthenticated Blind SQL Injection | |
| Weaknesses | CWE-89 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-05-28T13:49:07.413Z
Reserved: 2026-05-07T21:50:33.545Z
Link: CVE-2026-44886
Updated: 2026-05-28T13:48:55.682Z
Status : Deferred
Published: 2026-05-27T20:16:37.767
Modified: 2026-06-17T10:51:29.083
Link: CVE-2026-44886
No data.
OpenCVE Enrichment
Updated: 2026-05-29T15:50:17Z