Vendor
Pixa Bank 2.0 is vulnerable to SQL injection, allowing unauthenticated attackers to extract sensitive data by injecting SQL code into the 'rib' parameter via POST requests to the agence-ajax.php endpoint with UNION-based SQL payloads, potentially leading to the retrieval of user information such as names, email addresses, and phone numbers from the database.