259 matches found
CVE-2024-37657
The CVE-2024-37657 entry concerns gnuboard5 v5.5.16 with an open redirect in the bbs/login.php component caused by insufficient validation of URL parameters. Exploitation could allow a remote attacker to obtain sensitive information and potentially disorient users by redirecting to an attacker-co...
CVE-2024-37657
An open redirect vulnerability in gnuboard5 v.5.5.16 allows a remote attacker to obtain sensitive information via thebbs/login.php component...
CVE-2025-6840
A vulnerability, which was classified as critical, was found in code-projects Product Inventory System 1.0. This affects an unknown part of the file /index.php of the component Login. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely...
PT-2025-27341 · Code Projects · Code-Projects Product Inventory System
Name of the Vulnerable Software and Affected Versions: code-projects Product Inventory System version 1.0 Description: A critical vulnerability was found in the code-projects Product Inventory System. This issue affects the Login component, specifically the file /index.php. The manipulation of th...
CVE-2025-5149
A vulnerability was found in WCMS up to 8.3.11. It has been declared as critical. Affected by this vulnerability is the function getMemberByUid of the file /index.php?articleadmin/getallcon of the component Login. The manipulation of the argument uid leads to improper authentication. The attack c...
PT-2025-22860 · Wcms · Wcms
Name of the Vulnerable Software and Affected Versions: WCMS versions up to 8.3.11 Description: A critical issue has been found in the Login component, specifically affecting the getMemberByUid function. The manipulation of the uid argument leads to improper authentication, allowing for remote...
CVE-2024-48644
Accounts enumeration vulnerability in the Login Component of Reolink Duo 2 WiFi Camera Firmware Version v3.0.0.188923031701 allows remote attackers to determine valid user accounts via login attempts. This can lead to the enumeration of user accounts and potentially facilitate other attacks, such...
CVE-2024-28741
Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component...
CVE-2024-5463
A vulnerability regarding buffer copy without checking the size of input 'Classic Buffer Overflow' has been found in the login component. This allows remote attackers to write specific files containing non-sensitive information and conduct limited denial-of-service attacks via unspecified vectors...
CVE-2024-30802
An issue in Vehicle Management System 7.31.0.320230412 allows an attacker to escalate privileges via the login.html component...
CVE-2024-24507
Cross Site Scripting vulnerability in Act-On 2023 allows a remote attacker to execute arbitrary code via the newUser parameter in the login.jsp component...
CVE-2024-12663
A vulnerability classified as problematic was found in funnyzpc Mee-Admin up to 1.6. This vulnerability affects unknown code of the file /mee/login of the component Login. The manipulation of the argument username leads to observable response discrepancy. The attack can be initiated remotely. The...
CVE-2023-33758
Splicecom Maximiser Soft PBX v1.5 and before was discovered to contain a cross-site scripting XSS vulnerability via the CLIENTNAME and DEVICEGUID fields in the login component...
CVE-2023-48985
Cross Site Scripting XSS vulnerability in CU Solutions Group CUSG Content Management System CMS before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the login.php component...
CVE-2023-47503
An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp component in the template management module...
CVE-2021-35207
An issue was discovered in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.0 before 9.0.0 Patch 16. An XSS vulnerability exists in the login component of Zimbra Web Client, in which an attacker can execute arbitrary JavaScript by adding executable JavaScript to the loginErrorCode...
CVE-2020-21504
waimai Super Cms 20150505 contains a cross-site scripting XSS vulnerability in the component /admin.php?=Public=login...
CVE-2017-1000444
Eleix Openhacker version 0.1.47 is vulnerable to an SQL injection in the account registration and login component resulting in information disclosure and remote code execution...
PT-2025-21844 · Unknown · Phpgurukul News Portal
Name of the Vulnerable Software and Affected Versions: PHPGurukul News Portal version 4.1 Description: A critical issue has been found in the Login component of the affected software, specifically in the file /admin/index.php. The manipulation of the Username argument leads to SQL injection. This...
CVE-2025-4838
A vulnerability, which was classified as problematic, was found in kanwangzjm Funiture up to 71ca0fb0658b3d839d9e049ac36429207f05329b. Affected is the function doPost of the file /funiture-master/src/main/java/com/app/mvc/acl/servlet/LoginServlet.java of the component Login. The manipulation of t...