259 matches found
CVE-2023-53878 Member Login Script 3.3 Client-Side Request Desynchronization Vulnerability
Member Login Script 3.3 contains a client-side desynchronization vulnerability that allows attackers to manipulate HTTP request handling by exploiting Content-Length header parsing. Attackers can send crafted POST requests with smuggled secondary requests to potentially bypass server-side request...
PT-2025-51296
Name of the Vulnerable Software and Affected Versions Member Login Script version 3.3 Description The software contains a client-side desynchronization issue related to how HTTP requests are handled. Specifically, the vulnerability stems from the parsing of the Content-Length header. An attacker...
Phpjabbers Member Login Script 环境问题漏洞
Phpjabbers Member Login Script is a Phpjabbers open source account management framework. An environmental issue vulnerability exists in Phpjabbers Member Login Script version 3.3, which stems from a client-side desynchronization vulnerability that could lead to manipulation of HTTP request...
CVE-2025-14619
A vulnerability was found in code-projects Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file loginquery.php. Performing manipulation of the argument studno results in sql injection. The attack may be initiated remotely. The exploit has been...
CVE-2025-14565
A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. The affected element is an unknown function of the file /Profilers/SProfile/login1.php. Such manipulation of the argument Username leads to sql injection. The attack may be performed fro...
CVE-2025-14565 kidaze CourseSelectionSystem login1.php sql injection
A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. The affected element is an unknown function of the file /Profilers/SProfile/login1.php. Such manipulation of the argument Username leads to sql injection. The attack may be performed fro...
EUVD-2020-30841
SpinetiX Fusion Digital Signage 3.4.8 contains a username enumeration vulnerability in its login script that allows attackers to identify valid user accounts. Attackers can send crafted login requests with different usernames to distinguish between existing and non-existing accounts by analyzing...
CVE-2020-36888
SpinetiX Fusion Digital Signage 3.4.8 contains a username enumeration vulnerability in its login script that allows attackers to identify valid user accounts. Attackers can send crafted login requests with different usernames to distinguish between existing and non-existing accounts by analyzing...
CVE-2020-36888
SpinetiX Fusion Digital Signage 3.4.8 contains a username enumeration vulnerability in its login script that allows attackers to identify valid user accounts. Attackers can send crafted login requests with different usernames to distinguish between existing and non-existing accounts by analyzing...
CVE-2020-36888 SpinetiX Fusion Digital Signage 3.4.8 Username Enumeration via Login Script
SpinetiX Fusion Digital Signage 3.4.8 contains a username enumeration vulnerability in its login script that allows attackers to identify valid user accounts. Attackers can send crafted login requests with different usernames to distinguish between existing and non-existing accounts by analyzing...
CVE-2020-36888 SpinetiX Fusion Digital Signage 3.4.8 Username Enumeration via Login Script
SpinetiX Fusion Digital Signage 3.4.8 contains a username enumeration vulnerability in its login script that allows attackers to identify valid user accounts. Attackers can send crafted login requests with different usernames to distinguish between existing and non-existing accounts by analyzing...
CVE-2020-36888
CVE-2020-36888 affects SpinetiX Fusion Digital Signage 3.4.8. The flaw is a username enumeration vulnerability in the login script that lets an attacker distinguish valid user accounts by analyzing server error responses to crafted login requests. This is the only concrete detail available: the a...
PT-2025-50512
SpinetiX Fusion Digital Signage 3.4.8 contains a username enumeration vulnerability in its login script that allows attackers to identify valid user accounts. Attackers can send crafted login requests with different usernames to distinguish between existing and non-existing accounts by analyzing...
SpinetiX Fusion Digital Signage 安全漏洞
SpinetiX Fusion Digital Signage is a digital signage software from SpinetiX Switzerland. A security vulnerability exists in SpinetiX Fusion Digital Signage version 3.4.8, which originates from the presence of a username enumeration in the login script, which could lead to the disclosure of accoun...
EUVD-2025-201603
A vulnerability was found in RashminDungrani online-banking up to 2337ad552ea9d385b4e07b90e6f32d011b7c68a2. This affects an unknown part of the file /site/dist/authlogin.php. Performing manipulation of the argument Username results in sql injection. The attack can be initiated remotely. The explo...
PT-2025-49405
A vulnerability was found in RashminDungrani online-banking up to 2337ad552ea9d385b4e07b90e6f32d011b7c68a2. This affects an unknown part of the file /site/dist/auth login.php. Performing manipulation of the argument Username results in sql injection. The attack can be initiated remotely. The...
CVE-2025-65881
Sourcecodester Zoo Management System v1.0 is vulnerable to Cross Site Scripting XSS in /classes/Login.php...
PT-2025-48743
Sourcecodester Zoo Management System v1.0 is vulnerable to Cross Site Scripting XSS in /classes/Login.php...
CVE-2025-60736
CVE-2025-60736 affects Code Projects’ Online Medicine Guide 1.0. The vulnerability is an SQL Injection in /login.php via the upass parameter caused by direct string concatenation of user input into queries. The incident is rated CRITICAL (CVSS 3.1: 9.8) with network access, low attack complexity,...
CVE-2025-13585
A vulnerability was detected in itsourcecode COVID Tracking System 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument code results in sql injection. The attack may be performed from remote. The exploit is now public and may be used...