CVE-2026-2663 | Alixhan xh-admin-backend up to 1.7.0 Database Query query prop sql injection

A vulnerability, which was classified as critical, was found in Alixhan xh-admin-backend up to 1.7.0. This issue affects some unknown processing of the file /frontend-api/system-service/api/system/role/query of the component Database Query Handler. Such manipulation of the argument prop leads to sql injection.

This vulnerability is referenced as CVE-2026-2663. It is possible to launch the attack remotely. Furthermore, an exploit is available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2026-2663 | Alixhan xh-admin-backend up to 1.7.0 Database Query query prop sql injection

Post correlati

CVE-2025-68336 | Linux Kernel up to 6.12.61/6.17.11/6.18.0 spinlock do_raw_write_lock race condition

CVE-2024-30122 | HCL Sametime up to 12.0.2 Remote Code Execution (KB0115627)

CVE-2026-0669 | Wikimedia CSS Extension 1.39/1.43/1.44 on MediaWiki path traversal

CVE-2024-5808 | WP Ajax Contact Form Plugin up to 2.2.2 on WordPress cross-site request forgery