15 matches found
CVE-2025-5060
The Bravis User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.1. This is due to the plugin not properly logging a user in with the data that was previously verified through the facebookajaxlogincallback. This makes it possible for...
Church Donation System /login_admin.php File SQL Injection Vulnerability
The Church Donation System is a system of church giving. The Church Donation System suffers from a SQL injection vulnerability that stems from the lack of validation of an externally entered SQL statement in the parameter Username in the file /members/loginadmin.php. An attacker can exploit this...
Code-Projects Church Donation System Injection Vulnerability
The Church Donation System is a system of church giving. The Church Donation System suffers from a SQL injection vulnerability that stems from the lack of validation of an externally entered SQL statement in the parameter Username in the file /members/loginadmin.php. An attacker can exploit this...
CVE-2020-29228
EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by SQL injection in the User Login Page...
CVE-2024-9822
The Pedalo Connector plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.0.5. This is due to insufficient restriction on the 'loginadminuser' function. This makes it possible for unauthenticated attackers to log in as the first user, who is usually the...
WordPress plugin Pedalo Connector Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
IceCMS Security Vulnerability
IceCMS is a content management system based on Spring Boot + Vue front-end and back-end separation by NgShow individual developers. A security vulnerability exists in IceCMS 3.4.7 and earlier versions, which stems from the presence of an incorrect privilege modification that allows an attacker to...
WordPress Custom Login Admin Front-end CSS Plugin <= 1.4.1 is vulnerable to Server Side Request Forgery (SSRF)
Software: Custom Login Admin Front-end CSS; Type: Plugin; Vulnerable versions: <= 1.4.1; Fixed in: 1.5; OWASP Top 10: A1: Injection; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2022-40700; Patch priority: Low; CVSS severity: Low 8.2; PSID: 19400bb94bda; Credits: Dave Jong...
CVE-2022-1828
The PDF24 Articles To PDF WordPress plugin through 4.2.2 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
CVE-2019-16702
Integard Pro 2.2.0.9026 allows remote attackers to execute arbitrary code via a buffer overflow involving a long NoJs parameter to the /LoginAdmin URI...
CVE-2018-17146
A cross-site scripting vulnerability exists in Nagios XI before 5.5.4 via the 'name' parameter within the Account Information page. Exploitation of this vulnerability allows an attacker to execute arbitrary JavaScript code within the auto login admin management page...
Sheffield SQL Injection Vulnerability
Exploit for php platform in category web applications...
MyPhpAuction 2010 SQL injection vulnerability - vulnerability warning - the black bar safety net
MyPhpAuction 2010: the productdesc.php page is vulnerable to SQL injection; attacks can obtain user account passwords. http://www.myhack58.com/productdesc.php?id=-5+union+all+select+1,2,concatadminname,0x3a,pwd,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32...
ABC Advertise 1.0 - Admin Password Disclosure
ABC Advertise 1.0 - Admin Password Disclosure homepage : http://www.zakkis.ca./index.php?p=39 + ABC Advertise 1.0 Admin Data Disclosure + Discovered By SirGod + www.mortal-team.net + www.h4cky0u.org + Admin Data Disclosure - Go to http://127.0.0.1/path/admin.inc.php - You will find there the admi...
CMScore - SQL Injection
CMScore - SQL Injection; GHC - CMS CORE - ADVISORY; Product: CMS Core; URL: http://chipmunk-scripts.com/scripts/cmscore.php; Vulnerability class: SQL injection; Exploit: Log in with username...