Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
Alixhan xh-admin-backend SQL Injection Risk in Database Queries
CVE-2026-2663
Summary
Alixhan xh-admin-backend versions up to 1.7.0 are at risk of a SQL injection attack, which could allow an attacker to manipulate database queries. This could lead to unauthorized access to sensitive data. Update to the latest version of Alixhan xh-admin-backend to fix this issue.
Original title
A security vulnerability has been detected in Alixhan xh-admin-backend up to 1.7.0. This issue affects some unknown processing of the file /frontend-api/system-service/api/system/role/query of the ...
Original description
A security vulnerability has been detected in Alixhan xh-admin-backend up to 1.7.0. This issue affects some unknown processing of the file /frontend-api/system-service/api/system/role/query of the component Database Query Handler. Such manipulation of the argument prop leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
nvd CVSS2.0
6.5
nvd CVSS3.1
6.3
nvd CVSS4.0
5.3
Vulnerability type
CWE-74
Injection
CWE-89
SQL Injection
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026