Lucene search
K

349 matches found

Vulnrichment
Vulnrichment
added 2026/03/06 12:18 p.m.2 views

CVE-2018-25167 Net-Billetterie 2.9 SQL Injection via login.inc.php

Net-Billetterie 2.9 contains an SQL injection vulnerability in the login parameter of login.inc.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit malicious SQL code through the login POST parameter to extract database information including usernames,...

8.8CVSS6.1AI score0.00232EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.7 views

Data Center Audit SQL注入漏洞

Data Center Audit is a data auditing software developed by Ben Patridge. Version 2.6.2 of Data Center Audit contains a SQL injection vulnerability. This vulnerability stems from an SQL injection issue with the username parameter in the dcalogin.php file, which may allow unverified attackers to...

8.8CVSS6.1AI score0.00237EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.7 views

itsourcecode College Management System SQL注入漏洞

itsourcecode College Management System is an open-source university management system developed by itsourcecode. Version 1.0 of itsourcecode College Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the email parameter in the file...

9.8CVSS7.2AI score0.00391EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/02/23 12:0 a.m.14 views

PT-2026-21497

A vulnerability was found in a466350665 Smart-SSO up to 2.1.1. Affected by this issue is some unknown functionality of the file smart-sso-server/src/main/resources/templates/login.html of the component Login. Performing a manipulation of the argument redirectUri results in cross site scripting. T...

5.3CVSS3.9AI score0.00308EPSS
Exploits1References5
NVD
NVD
added 2026/02/12 11:16 p.m.10 views

CVE-2019-25320

E Learning Script 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard without valid credentials by manipulating login parameters. Attackers can exploit the /login.php file by sending a specific payload '=''or' to bypass authentication and gain...

8.8CVSS0.00308EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/09 7:2 a.m.2 views

CVE-2026-2221

A security flaw has been discovered in code-projects Online Reviewer System 1.0. Affected is an unknown function of the file /login/index.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The attack is possible to be carried out remotely. The...

7.5CVSS5.4AI score0.00341EPSS
Exploits1References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/09 12:0 a.m.7 views

PT-2026-7074

A security flaw has been discovered in code-projects Online Reviewer System 1.0. Affected is an unknown function of the file /login/index.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The attack is possible to be carried out remotely. The...

7.5CVSS5.4AI score0.00341EPSS
Exploits1References6
ATTACKERKB
ATTACKERKB
added 2026/02/08 6:32 p.m.5 views

CVE-2026-2173

A vulnerability was identified in code-projects Online Examination System 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely...

7.5CVSS7.2AI score0.00312EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/02/08 6:32 p.m.7 views

EUVD-2026-5777

A vulnerability was identified in code-projects Online Examination System 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely...

9.8CVSS5.4AI score0.00312EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/02/08 12:0 a.m.7 views

Code-Projects Online Examination System SQL注入漏洞

The Code-Projects Online Examination System is an open-source online examination system developed by Code-Projects. Version 1.0 of the Code-Projects Online Examination System has a SQL injection vulnerability. This vulnerability stems from incorrect handling of parameters username and password in...

9.8CVSS7.2AI score0.00312EPSS
Exploits0References5
NVD
NVD
added 2026/02/07 8:15 p.m.8 views

CVE-2026-2110

A security flaw has been discovered in Tasin1025 SwiftBuy up to 0f5011372e8d1d7edfd642d57d721c9fadc54ec7. Affected by this vulnerability is an unknown functionality of the file /login.php. Performing a manipulation results in improper restriction of excessive authentication attempts. Remote...

8.1CVSS0.00681EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/02/07 2:2 p.m.36 views

CVE-2026-2087 SourceCodester Online Class Record System login.php sql injection

A flaw has been found in SourceCodester Online Class Record System 1.0. Affected by this issue is some unknown functionality of the file /admin/login.php. This manipulation of the argument useremail causes sql injection. The attack may be initiated remotely. The exploit has been published and may...

7.5CVSS0.00312EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/07 12:0 a.m.10 views

SwiftBuy 安全漏洞

SwiftBuy is an e-commerce website developed by MD Tasin Rahman. The version 0f5011372e8d1d7edfd642d57d721c9fadc54ec7 and earlier versions of SwiftBuy have security vulnerabilities. These vulnerabilities stem from incorrect handling of the /login.php file, which may lead to improper restrictions o...

8.1CVSS5.8AI score0.00681EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/02/06 12:0 a.m.5 views

PT-2026-6728

Name of the Vulnerable Software and Affected Versions SourceCodester Medical Center Portal Management System version 1.0 Description A flaw exists in SourceCodester Medical Center Portal Management System 1.0 that allows for SQL injection. The issue is located in an unknown function within the...

9.8CVSS5.6AI score0.00326EPSS
Exploits1References9
ATTACKERKB
ATTACKERKB
added 2026/01/30 4:32 p.m.4 views

CVE-2026-1689

A vulnerability was detected in Tenda HG10 USHG7HG9HG10re300001138enxpon. The impacted element is the function checkUserFromLanOrWan of the file /boaform/admin/formLogin of the component Login Interface. The manipulation of the argument Host results in command injection. The attack can be launche...

7.5CVSS5.7AI score0.02537EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/01/13 10:53 p.m.5 views

CVE-2025-67147

Multiple SQL Injection vulnerabilities exist in amansuryawanshi Gym-Management-System-PHP 1.0 via the 'name', 'email', and 'comment' parameters in 1 submitcontact.php, the 'username' and 'passkey' parameters in 2 securelogin.php, and the 'loginid', 'pwfield', and 'loginkey' parameters in 3...

9.8CVSS8.7AI score0.00345EPSS
Exploits0References1
NVD
NVD
added 2026/01/12 3:16 p.m.5 views

CVE-2025-41006

Imaster's MEMS Events CRM contains an SQL injection vulnerability in ‘phone’ parameter in ‘/memsdemo/login.php’...

9.3CVSS0.00307EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:26 a.m.7 views

CVE-2023-4185

A vulnerability was found in SourceCodester Online Hospital Management System 1.0. It has been classified as critical. Affected is an unknown function of the file patientlogin.php. The manipulation of the argument loginid/password leads to sql injection. It is possible to launch the attack...

9.8CVSS8AI score0.00649EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:56 a.m.5 views

CVE-2023-4180

A vulnerability classified as critical was found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected by this vulnerability is an unknown functionality of the file /vm/login.php. The manipulation of the argument useremail/userpassword leads to sql injection. The...

9.8CVSS8AI score0.00823EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/06 9:6 a.m.8 views

CVE-2026-0583

A security flaw has been discovered in code-projects Online Product Reservation System 1.0. This vulnerability affects unknown code of the file app/user/login.php of the component User Login. The manipulation of the argument emailadd results in sql injection. The attack may be launched remotely...

7.5CVSS7.2AI score0.00371EPSS
Exploits1References1
Rows per page
Query Builder