{"id":"CVE-2026-44886","summary":"Pi.Alert: Web Interface Vulnerable to Unauthenticated Blind SQL Injection","details":"Pi.Alert is a WIFI / LAN intruder detector with web service monitoring. From 2024-06-29 to before 2026-05-07, the web application endpoint is vulnerable to SQL injection. The /pialert/php/server/devices.php route accepts requests from unauthenticated users when the action URL parameter is set to getDevicesTotals. The scansource URL parameter is then injected in a SQL query. This vulnerability is fixed in 2026-05-07.","aliases":["GHSA-m929-j7w8-334j"],"modified":"2026-07-08T08:20:08.139034240Z","published":"2026-05-27T19:16:55.548Z","database_specific":{"cna_assigner":"GitHub_M","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/44xxx/CVE-2026-44886.json","cwe_ids":["CWE-89"]},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/44xxx/CVE-2026-44886.json"},{"type":"ADVISORY","url":"https://github.com/leiweibau/Pi.Alert/security/advisories/GHSA-m929-j7w8-334j"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-44886"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/leiweibau/pi.alert","events":[{"introduced":"0f2d275ee7c0489443b89caacb9400b5055b9d0a"},{"fixed":"ac09cc54862cbf277d8f69f58d83c980ae68b2c0"}],"database_specific":{"extracted_events":[{"introduced":"2024-06-29"},{"fixed":"2026-05-07"},{"introduced":"0"}],"source":["AFFECTED_FIELD","DESCRIPTION"]}}],"versions":["v2026-03-20","v2026-03-16","v2026-02-28","v2026-02-07","v2026-01-07","v2026-01-04","v2025-12-14","v2025-11-05","v2025-10-31","v2025-10-18","v2025-07-30","v2025-07-12","v2025-06-12","v2025-05-11","v2025-04-26","v2025-03-21","v2025-02-16","v2025-02-06","v2025-02-04","v2024-12-12","v2024-11-11","v2024-10-20","v2024-09-28","v2024-09-17","v2024-09-01","v2024-08-24","v2024-08-09","v2024-07-17","v2024-07-04","v2024-06-29"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-44886.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"}]}