259 matches found
CVE-2009-1773
activeCollab 2.1 Corporate allows remote attackers to obtain sensitive information via an invalid reroute parameter to the login script, which reveals the installation path in an error message...
CVE-2025-4906 PHPGurukul Notice Board System login.php SQL injection
A vulnerability was found in PHPGurukul Notice Board System 1.0. It has been classified as critical. Affected is an unknown function of the file /login.php. The manipulation of the argument Username leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclos...
A vulnerability in the Goto_chidx() function of the login.cgi script in the firmware of the Wavlink WN530H4, WN530HG4, and WN572HG3 routers allows an intruder to execute arbitrary code or cause a service failure.
The vulnerability in the Goto_chidx function of the login.cgi script in the firmware of the Wavlink WN530H4, WN530HG4, and WN572HG3 routers is related to reading data beyond buffer boundaries in memory while processing the wlanUrl parameter. Exploiting this vulnerability...
CVE-2024-5519
A vulnerability classified as critical was found in ItsourceCode Learning Management System Project In PHP 1.0. This vulnerability affects unknown code of the file login.php. The manipulation of the argument useremail leads to SQL injection. The attack can be initiated remotely. The exploit has...
A vulnerability in the set_sys_init() function of the login.cgi script in the firmware of the Wavlink AC3000 router (WL-WN533A8) allows a hacker to execute arbitrary commands.
The vulnerability in the set_sys_init function of the login.cgi script in the firmware of the Wavlink AC3000 WL-WN533A8 router is related to the lack of data cleaning at the control level when processing the restartweekvalue parameter. Exploiting this vulnerability allows a remote attacker ...
A vulnerability in the set_sys_init() function of the login.cgi script in the firmware of the Wavlink AC3000 router (WL-WN533A8) allows a hacker to execute arbitrary commands.
The vulnerability in the set_sys_init function of the login.cgi script in the firmware of the Wavlink AC3000 WL-WN533A8 router is related to the lack of data cleaning measures at the control level when processing the restartminvalue parameter. Exploiting this vulnerability allows a remote...
PT-2025-2446 · Wavlink · Wavlink Ac3000
Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505
Description: A buffer overflow issue exists in the login.cgi Goto chidx functionality. This can be triggered by a specially crafted HTTP request, leading to a stack-based buffer overflow. An attacker...
WAVLINK AC3000 Command Injection Vulnerability
WAVLINK AC3000 is a wireless router from China Ruiyin WAVLINK. The WAVLINK AC3000 suffers from a command injection vulnerability that originates from the failure of the restartweekvalue parameter of the login.cgi setsysinit function to correctly filter constructed command special characters,...
CVE-2024-53480
Phpgurukul's Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in login.php via the emailcont parameter...
CVE-2024-50833
A SQL Injection vulnerability was found in /login.php in KASHIPARA E-learning Management System Project 1.0 via the username and password parameters...
PT-2024-5727 · Webmin +2 · Webmin +2
Name of the Vulnerable Software and Affected Versions: Webmin versions prior to 1.970; Usermin versions prior to 1.820
Description: A cross-site scripting issue exists due to inadequate protection of the webpage structure in the session login.cgi script of Webmin and Usermin. This can be exploited...
PT-2024-10140 · Wavlink · Wavlink Ac3000
Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 M33A8.V5030.210505
Description: Multiple OS command injection vulnerabilities exist in the login.cgi set sys init functionality. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an...
Loan Management System SQL Injection Vulnerability
Loan Management System is a loan management system by razormist Personal Developer. A SQL injection vulnerability exists in itsourcecode Loan Management System version 1.0, which is caused by an unknown function in login.php in the component Login, which leads to SQL injection via the parameter...
PHPGurukul Student Record System SQL Injection Vulnerability
Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the id/password parameter of the file /login.php. An attacker can exploit this vulnerability to...
VulnCheck KEV: CVE-2021-42071
In Visual Tools DVR VX16 4.2.28.0, an unauthenticated attacker can achieve remote command execution via shell metacharacters in the cgi-bin/slogin/login.py User-Agent HTTP header...
CVE-2023-48985
Cross Site Scripting (XSS) vulnerability in CU Solutions Group (CUSG) Content Management System (CMS) before v.7.75 allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the login.php component...
CVE-2024-0359
A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to SQL injection. The attack can be initiated remotely...
CVE-2023-7214
A vulnerability, which was classified as critical, has been found in Totolink N350RT 9.3.5u.6139B20201216. Affected by this issue is the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument v8 leads to stack-based...
PT-2023-30894 · Unknown · Railway Reservation System
Name of the Vulnerable Software and Affected Versions: Railway Reservation System version 1.0
Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities. The psd parameter of the "login.php" resource does not validate the characters received, and they are sent unfilter...
Kashipara Job Portal SQL Injection Vulnerability
Kashipara Job Portal is an online job portal system from Kashipara. A SQL injection vulnerability exists in Kashipara Job Portal v1.0, which stems from the "txtUser" parameter of login.php that does not validate received characters and sends them to the database unfiltered...