CVE-2026-8133
HIGH
zyx0814 FilePress Shares Filelist API admin.php SQL injection
Title source: cna
Description
A security vulnerability has been detected in zyx0814 FilePress up to 2.2.0. It affects an unknown functionality of the file dzz/shares/admin.php in the Shares Filelist API component. Manipulating the "order" argument leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The patch is identified as e20ec58414103f781858f2951d178e19b1736664. Applying the patch is recommended to remediate this issue.
References (8)
Core References
Vdb Entry, Technical Description [vdb-entry, technical-description]
VDB-361923 | zyx0814 FilePress Shares Filelist API admin.php sql injection
https://vuldb.com/vuln/361923
Signature, Permissions Required [signature, permissions-required]
VDB-361923 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/vuln/361923/cti
Third Party Advisory [third-party-advisory]
Submit #808819 | zyx0814 FilePress <=2.2.0 SQL Injection
https://vuldb.com/submit/808819
Issue Tracking [issue-tracking]
https://github.com/zyx0814/FilePress/issues/70
Patch [issue-tracking, patch]
https://github.com/zyx0814/FilePress/pull/71
Exploit [exploit]
https://github.com/xiaohaiyang-ai/Web-Security-Research/tree/main/FilePress/Shares-API-PreAuth-SQLi
Product [product]
https://github.com/zyx0814/FilePress/
Scores
CVSS v3: 7.3
EPSS: 0.0004
EPSS Percentile: 10.9%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-74, CWE-89
Status: published
Products (3)
zyx0814/FilePress 2.0
zyx0814/FilePress 2.1
zyx0814/FilePress 2.2.0
Published: May 08, 2026
Tracked Since: May 08, 2026