CVE-2026-8133: zyx0814 FilePress SQL Injection Exploited
The National Vulnerability Database has identified CVE-2026-8133, a high-severity SQL injection vulnerability affecting zyx0814 FilePress up to version 2.2.0. This flaw resides in the Shares Filelist API component, specifically within the dzz/shares/admin.php file. Attackers can manipulate the order argument to achieve remote SQL injection.
This isn’t a theoretical risk; the exploit has been publicly disclosed. This means attackers are actively integrating it into their toolkits. The CVSS score of 7.3 (HIGH) reflects the critical nature of this vulnerability, allowing for potential data exfiltration, manipulation, or even full system compromise through unauthenticated remote access.
For defenders, the calculus is simple: patch immediately. The National Vulnerability Database points to a specific patch, identified as e20ec58414103f781858f2951d178e19b1736664. Any instance of zyx0814 FilePress running an unpatched version is a wide-open door for attackers. Prioritize this fix to close a critical attack vector.
What This Means For You
- If your organization uses zyx0814 FilePress, check for CVE-2026-8133 immediately. Apply the patch `e20ec58414103f781858f2951d178e19b1736664` to all affected instances (up to version 2.2.0) to prevent remote SQL injection attacks.
Related ATT&CK Techniques
🛡️ Detection Rules
3 rules · 6 SIEM formats3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2026-8133: FilePress Shares Filelist API SQL Injection
title: CVE-2026-8133: FilePress Shares Filelist API SQL Injection
id: scw-2026-05-08-ai-1
status: experimental
level: critical
description: |
Detects exploitation attempts against CVE-2026-8133 by looking for requests to the specific FilePress admin endpoint with SQL injection keywords in the query string. This indicates an attempt to exploit the SQL injection vulnerability in the Shares Filelist API.
author: SCW Feed Engine (AI-generated)
date: 2026-05-08
references:
- https://shimiscyberworld.com/posts/nvd-CVE-2026-8133/
tags:
- attack.initial_access
- attack.t1190
logsource:
category: webserver
detection:
selection:
cs-uri|contains:
- '/dzz/shares/admin.php'
cs-uri-query|contains:
- 'order='
- 'SELECT'
- 'FROM'
- 'UNION'
cs-method|exact:
- 'GET'
condition: selection
falsepositives:
- Legitimate administrative activity
Source: Shimi's Cyber World · License & reuse
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-8133 | SQLi | zyx0814 FilePress up to 2.2.0 |
| CVE-2026-8133 | SQLi | dzz/shares/admin.php |
| CVE-2026-8133 | SQLi | Shares Filelist API component |
| CVE-2026-8133 | SQLi | Manipulation of argument 'order' leads to SQL injection |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 08, 2026 at 07:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related coverage
Tenda CX12L Stack Buffer Overflow (CVE-2026-8138) Risks Remote Exploitation
CVE-2026-8138 — A vulnerability was found in Tenda CX12L 16.03.53.12. This issue affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg”. The manipulation results in stack-based...
Totolink X5000R Buffer Overflow (CVE-2026-8137) Exposed
CVE-2026-8137 — A vulnerability has been found in Totolink X5000R 9.1.0u.6369_B20230113. This vulnerability affects the function sub_458E40 of the file /boafrm/formDdns. The manipulation of the...
CVE-2026-42279 — solidtime is an open-source time-tracking app. In version
CVE-2026-42279 — solidtime is an open-source time-tracking app. In version 0.12.0, the PUT /api/v1/organizations/{organization}/time-entries/{timeEntry} API accepts a route-bound timeEntry from another organization when the caller...