Submit #780839: Xiaopi Web Application Firewall V1.0.0 Bypassinfo

TitleXiaopi Web Application Firewall V1.0.0 Bypass
DescriptionThe vulnerability exists in the official WAF firewall of Xiaopi Panel, where inadequate filtering of user input by WAF rules allows attackers to execute malicious code through carefully crafted injection statements. Although WAF protection is in place, attackers can still bypass restrictions using specific formats and encoding techniques to achieve injection attacks.
Source⚠️ https://github.com/ltranquility/vuln_submit/issues/1
User Customer (UID 83474)
Submission03/16/2026 14:19 (21 days ago)
Moderation04/01/2026 15:58 (16 days later)
StatusAccepted
VulDB entry354666 [Xiaopi Panel 1.0.0 WAF Firewall /demo.php param cross site scripting]
Points18

PreviousOverviewNext

Do you know our Splunk app?

Download it now for free!