253 matches found

NVD
added 2025/12/31 3:15 a.m. | 3 views

CVE-2025-15223

A vulnerability was found in Philipinho Simple-PHP-Blog up to 94b5d3e57308bce5dfbc44c3edafa9811893d958. An unknown function of the file /login.php is affected. Manipulating the Username argument results in cross-site scripting. The attack can be carried out remotely. The...

CVSS 6.1 | EPSS 0.00007
Exploits: 1 | References: 4

CNVD
added 2025/12/31 12:0 a.m. | 3 views

College Notes Uploading System /login.php File SQL Injection Vulnerability

College Notes Uploading System is a college notes uploading system. College Notes Uploading System suffers from a SQL injection vulnerability that originates from the mishandling of the User parameter operation by an unknown handler function in the /login.php file. An attacker can use this...

CVSS 9.8 | AI score 7.7 | EPSS 0.0002
Exploits: 1 | References: 1

OSV
added 2025/12/30 11:15 p.m. | 0 views

CVE-2022-50794

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated command injection vulnerability in the username parameter. Attackers can exploit index.php and login.php scripts by injecting arbitrary shell commands through the HTTP POST 'username' parameter to execute system...

CVSS 9.8 | AI score 6 | EPSS 0.01174
Exploits: 2 | References: 5

Vulnrichment
added 2025/12/30 10:41 p.m. | 1 view

CVE-2022-50800 H3C SSL VPN n/a Username Enumeration via Login Script Credential Verification

H3C SSL VPN contains a user enumeration vulnerability that allows attackers to identify valid usernames through the 'txtUsrName' POST parameter. Attackers can submit different usernames to the loginsubmit.cgi endpoint and analyze response messages to distinguish between existing and non-existing...

CVSS 7.5 | AI score 6.5 | EPSS 0.00035
Exploits: 1 | References: 4

CVE
added 2025/12/30 10:41 p.m. | 8 views

CVE-2022-50800

The CVE-2022-50800 entry concerns H3C SSL VPN, where the login_submit.cgi endpoint’s txtUsrName POST parameter enables user enumeration. Attackers can submit multiple usernames and compare response messages to distinguish existing vs. non-existing accounts, indicating a confidentiality impact and...

CVSS 7.5 | AI score 6.5 | EPSS 0.00035
Exploits: 1 | References: 4

CVE
added 2025/12/30 10:41 p.m. | 13 views

CVE-2022-50794

CVE-2022-50794 affects SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below. An unauthenticated command injection exists via the HTTP POST username parameter in index.php and login.php, enabling execution of arbitrary shell commands with network access. Public details identify the vulnerable comp...

CVSS 9.8 | AI score 7.9 | EPSS 0.01174
Exploits: 2 | References: 5 | Affected Software: 1

Vulnrichment
added 2025/12/30 10:41 p.m. | 1 view

CVE-2022-50794 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x Unauthenticated Command Injection via Username

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below contain an unauthenticated command injection vulnerability in the username parameter. Attackers can exploit index.php and login.php scripts by injecting arbitrary shell commands through the HTTP POST 'username' parameter to execute system...

CVSS 9.8 | AI score 7.9 | EPSS 0.01174
Exploits: 2 | References: 5

CVE
added 2025/12/30 10:2 a.m. | 4 views

CVE-2025-15243

CVE-2025-15243 affects Simple Stock System 1.0 via /market/login.php where manipulating the Username parameter enables SQL injection. Remote exploitation is possible and exploits have been published. Multiple sources describe the vulnerability and its potential impact on confidentiality, integrit...

CVSS 9.8 | AI score 7.2 | EPSS 0.00021
Exploits: 1 | References: 5 | Affected Software: 1

Positive Technologies
added 2025/12/30 12:0 a.m. | 1 view

PT-2025-54242

Name of the Vulnerable Software and Affected Versions: SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below. Description: The software contains an unauthenticated command injection issue. An attacker can inject arbitrary shell commands through the HTTP POST username parameter in the index.php and...

CVSS 9.8 | AI score 7.9 | EPSS 0.01174
Exploits: 2 | References: 8

RedhatCVE
added 2025/12/25 8:18 p.m. | 2 views

CVE-2025-68914

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table...

CVSS 6.5 | AI score 7.5 | EPSS 0.00037
Exploits: 1 | References: 1

OSV
added 2025/12/24 8:16 p.m. | 1 view

CVE-2025-68914

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table...

CVSS 5.3 | AI score 5.8 | EPSS 0.00037
Exploits: 1 | References: 1

Cvelist
added 2025/12/24 7:37 p.m. | 24 views

CVE-2025-68914

Riello UPS NetMan 208 Application before 1.12 allows cgi-bin/login.cgi username SQL Injection. For example, an attacker can delete the LOGINFAILEDTABLE table...

CVSS 6.5 | EPSS 0.00037
Exploits: 1 | References: 1

CVE
added 2025/12/24 7:37 p.m. | 5 views

CVE-2025-68914

The CVE-2025-68914 entry describes a SQL injection in Riello UPS NetMan 208 Application before 1.12 via cgi-bin/login.cgi username, enabling manipulation such as deleting LOGINFAILEDTABLE. Affected product: Riello UPS NetMan 208 Application (versions

CVSS 6.5 | AI score 7.2 | EPSS 0.00037
Exploits: 1 | References: 1 | Affected Software: 1

Positive Technologies
added 2025/12/24 12:0 a.m. | 2 views

PT-2025-53345

Name of the Vulnerable Software and Affected Versions: Riello UPS NetMan 208 Application versions prior to 1.12. Description: The Riello UPS NetMan 208 Application is affected by a SQL injection issue in the cgi-bin/login.cgi script. Specifically, the username parameter is susceptible to SQL injecti...

CVSS 6.5 | AI score 7.6 | EPSS 0.00037
Exploits: 1 | References: 9

OSV
added 2025/12/22 10:16 p.m. | 1 view

CVE-2023-53963

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands through the 'password' parameter. Attackers can exploit the login.php and index.php scripts by injecting shell commands via the...

CVSS 9.3 | AI score 6.1
Exploits: 0 | References: 4

NVD
added 2025/12/22 10:16 p.m. | 1 view

CVE-2023-53963

SOUND4 IMPACT/FIRST/PULSE/Eco v2.x contains an unauthenticated OS command injection vulnerability that allows remote attackers to execute arbitrary shell commands through the 'password' parameter. Attackers can exploit the login.php and index.php scripts by injecting shell commands via the...

CVSS 9.8 | EPSS 0.02612
Exploits: 2 | References: 4

RedhatCVE
added 2025/12/16 8:44 p.m. | 1 view

CVE-2023-53878

Member Login Script 3.3 contains a client-side desynchronization vulnerability that allows attackers to manipulate HTTP request handling by exploiting Content-Length header parsing. Attackers can send crafted POST requests with smuggled secondary requests to potentially bypass server-side request...

CVSS 6.9 | AI score 7 | EPSS 0.00075
Exploits: 0 | References: 1

NVD
added 2025/12/15 9:15 p.m. | 2 views

CVE-2023-53878

Member Login Script 3.3 contains a client-side desynchronization vulnerability that allows attackers to manipulate HTTP request handling by exploiting Content-Length header parsing. Attackers can send crafted POST requests with smuggled secondary requests to potentially bypass server-side request...

CVSS 6.9 | EPSS 0.00075
Exploits: 0 | References: 3

CVE
added 2025/12/15 8:28 p.m. | 5 views

CVE-2023-53878

CVE-2023-53878 — Member Login Script 3.3 involves a client-side desynchronization vulnerability tied to parsing the Content-Length header. The flaw allows attackers to manipulate HTTP request handling by smuggling secondary requests within crafted POST payloads, potentially bypassing server-side ...

CVSS 6.9 | AI score 6.6 | EPSS 0.00075
Exploits: 0 | References: 3

Vulnrichment
added 2025/12/15 8:28 p.m. | 1 view

CVE-2023-53878 Member Login Script 3.3 Client-Side Request Desynchronization Vulnerability

Member Login Script 3.3 contains a client-side desynchronization vulnerability that allows attackers to manipulate HTTP request handling by exploiting Content-Length header parsing. Attackers can send crafted POST requests with smuggled secondary requests to potentially bypass server-side request...

CVSS 6.9 | AI score 6.6 | EPSS 0.00075
Exploits: 0 | References: 3