259 matches found
Vulnerability of the patientlogin.php script in online hospital management systems. SourceCodester Online Hospital Management System allows attackers to execute arbitrary SQL queries.
The vulnerability of the patientlogin.php script in the online hospital management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker to execute arbitrary SQL queries against the database remotely...
PT-2023-29134 · Online Movie Ticket Booking System +1 · Online Movie Ticket Booking System
Name of the Vulnerable Software and Affected Versions: process login.php affected versions not specified Description: The issue is related to the 'Email' parameter of the process login.php resource, which does not validate the characters received, sending them unfiltered to the database...
Zyxel PMG Security Breach
Zyxel PMG is a series of dual-band wireless ONT home gateway units from China's Hopkins Zyxel. A security vulnerability exists in Zyxel PMG version v.PMG2005-T20B, which originates from a vulnerability that could allow a remote attacker to cause a denial of service via a crafted script via the u...
Member Login Script 3.3 - Client-side desync
Title: Member Login Script 3.3 - Client-side desync Author: nu11secur1ty Date: 08/25/2023 Vendor: https://www.phpjabbers.com/ Reference: https://portswigger.net/web-security/request-smuggling/browser/client-side-desync Description: The server appears to be vulnerable to client-side desync attacks...
CVE-2023-31447
userlogin.cgi on Draytek Vigor2620 devices before 3.9.8.4 and on all versions of Vigor2925 devices allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code...
CVE-2023-31752
SourceCodester Employee and Visitor Gate Pass Logging System v1.0 is vulnerable to SQL Injection via /employeegatepass/classes/Login.php...
CVE-2023-2205
A vulnerability was found in Campcodes Retro Basketball Shoes Online Store 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /function/login.php. The manipulation of the argument email leads to SQL injection. The attack may be launched remotely...
Campcodes Online Traffic Offense Management System SQL Injection Vulnerability
Campcodes Online Traffic Offense Management System is a web-based traffic offense management system. A SQL injection vulnerability exists in Campcodes Online Traffic Offense Management System v1.0. The vulnerability stems from the lack of validation of external input SQL statements in the paramet...
PT-2023-17157 · Sourcecodester · School Registration/Fee System
Name of the Vulnerable Software and Affected Versions: SourceCodester School Registration and Fee System version 1.0 Description: A critical issue affects the processing of the file /bilal final/login.php of the component POST Parameter Handler. The manipulation of the username argument leads to...
CVE-2023-23313
Certain Draytek products are vulnerable to Cross-Site Scripting (XSS) via the wlogin.cgi script and userlogin.cgi script of the router's web application management portal. This affects Vigor3910, Vigor1000B, Vigor2962 v4.3.2.1; Vigor2865 and Vigor2866 v4.4.1.0; Vigor2927 v4.4.2.2; and Vigor2915,...
CVE-2022-2666
A vulnerability has been found in SourceCodester Loan Management System and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed...
Open-Xchange OX App Suite Cross-Site Scripting Vulnerability
Open-Xchange OX App Suite is an email and productivity suite client software from Open-Xchange Germany. A security vulnerability exists in Open-Xchange OX App Suite 7.10.6 and prior versions, which stems from a vulnerability that allows an attacker to use a special character that registers a...
The vulnerability in the implementation of the account.php, login.php, and book_car.php scripts of the CMS system, Official Car Rental System, allows a violator to bypass security restrictions.
The vulnerability in the implementation of the account.php, login.php, and book_car.php scripts of the Official Car Rental System relates to the lack of measures taken to protect the SQL query structure when processing parameters such as uname, pass, and id. Exploiting this vulnerability allows a...
Desdev DedeCMS Code Injection Vulnerability
Desdev DedeCMS (Dream Weaving Content Management System) is a PHP-based open-source content management system (CMS) from the Chinese company Zhuozhuo Network (Desdev). The system has content publishing, content management, content editing and content retrieval functions. A security vulnerability exists in...
Gym Management System SQL Injection Vulnerability
SourceCodester Gym Management System is a gym management system from the American company SourceCodester. The system is developed in C and SQL Server and features customer and vendor management, product management, sales management, gym membership management, fitness assessment, system logging, databas...
CVE-2022-36266
In Airspan AirSpot 5410 version 0.3.4.1-4 and under there exists a stored XSS vulnerability. As the binary file /home/www/cgi-bin/login.cgi does not check if the user is authenticated, a malicious actor can craft a specific request on the login.cgi endpoint that contains a base32 encoded XSS...
Rigatur Online Booking and Hotel Management System SQL Injection Vulnerability
Hotel Management System is a hotel management MIS project by Prem Chand Saini, an individual developer in India. Rigatur Online Booking and Hotel Management System aff6409 suffers from a SQL injection vulnerability that stems from an unknown function of the POST request handler of it...
CVE-2021-37413
GRANDCOM DynWEB before 4.2 contains a SQL Injection vulnerability in the admin login interface. A remote unauthenticated attacker can exploit this vulnerability to obtain administrative access to the webpage, access the user database, modify web content and upload custom files. The backend login...
H3C SSL VPN - Username Enumeration
Exploit Title: H3C SSL VPN - Username Enumeration Exploit Author: LiquidWorm H3C SSL VPN Username Enumeration Vendor: Hangzhou H3C Technologies Co. | New H3C Technologies Co., Ltd. Product web page: https://www.h3c.com Affected version: n/a Summary: H3C SSL VPN is a secure VPN system based on SSL...
H3C SSL VPN Username Enumeration Vulnerability
H3C SSL VPN Username Enumeration Vendor: Hangzhou H3C Technologies Co. | New H3C Technologies Co., Ltd. Product web page: https://www.h3c.com Affected version: n/a Summary: H3C SSL VPN is a secure VPN system based on SSL connections. It allows mobile employees to access corporate networks remotel...