| Summary | Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. From 2024-06-29 to before 2026-05-07, the web application endpoint is vulnerable to SQL injection. The /pialert/php/server/devices.php route accepts requests from unauthenticated users when the action URL parameter is set to getDevicesTotals. The scansource URL parameter is then injected in a SQL query. This vulnerability is fixed in 2026-05-07. |
|---|---|
| Publication Date | May 28, 2026, 5:16 a.m. |
| Registration Date | May 29, 2026, 4:10 a.m. |
| Last Update | May 28, 2026, 11:16 p.m. |