Is there a public PoC exploit available for EUVD-2026-28522?

Yes, a public proof-of-concept exploit is available for EUVD-2026-28522. Prioritise patching immediately. EPSS: 0.0%.

Is there a patch available for EUVD-2026-28522?

Yes, a patch is available for EUVD-2026-28522. Update the affected software to the latest version immediately.

FilePress EUVD-2026-28522

Q: What is the CVSS score of EUVD-2026-28522?

EUVD-2026-28522 has a CVSS 4.0 base score of 5.5 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

| CVE-2026-8133 MEDIUM

SQL Injection (CWE-89)

2026-05-08 VulDB

GHSA-pxqj-577f-7xfv

PHP SQLi

5.5

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Source Code Evidence Fetched

May 08, 2026 - 04:35 vuln.today

Analysis Generated

May 08, 2026 - 04:35 vuln.today

Severity Changed

May 08, 2026 - 04:22 NVD

HIGH MEDIUM

CVSS changed

May 08, 2026 - 04:22 NVD

7.3 (HIGH) 5.5 (MEDIUM)

CVE Published

May 08, 2026 - 03:30 nvd

MEDIUM 5.5

DescriptionNVD

A security vulnerability has been detected in zyx0814 FilePress up to 2.2.0. Affected by this vulnerability is an unknown functionality of the file dzz/shares/admin.php of the component Shares Filelist API. Such manipulation of the argument order leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The name of the patch is e20ec58414103f781858f2951d178e19b1736664. A patch should be applied to remediate this issue.

AnalysisAI

SQL injection in FilePress up to version 2.2.0 allows unauthenticated remote attackers to manipulate the order parameter in the Shares Filelist API (dzz/shares/admin.php and dzz/shares/ajax.php) to execute arbitrary SQL queries. The vulnerability exploits insufficient input validation on the order parameter, enabling data exfiltration or manipulation. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

EUVD-2026-28522 vulnerability details – vuln.today

Back

FilePress EUVD-2026-28522

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code