| Название | Xiaopi Web Application Firewall V1.0.0 Bypass |
|---|
| Описание | The vulnerability exists in the official WAF firewall of Xiaopi Panel, where inadequate filtering of user input by WAF rules allows attackers to execute malicious code through carefully crafted injection statements. Although WAF protection is in place, attackers can still bypass restrictions using specific formats and encoding techniques to achieve injection attacks. |
|---|
| Источник | ⚠️ https://github.com/ltranquility/vuln_submit/issues/1 |
|---|
| Пользователь | Customer (UID 83474) |
|---|
| Представление | 16.03.2026 14:19 (21 дни назад) |
|---|
| Модерация | 01.04.2026 15:58 (16 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 354666 [Xiaopi Panel 1.0.0 WAF Firewall /demo.php param межсайтовый скриптинг] |
|---|
| Баллы | 18 |
|---|