231 matches found
CVE-2024-1729
A timing attack vulnerability exists in the gradio-app/gradio repository, specifically within the login function in routes.py. The vulnerability arises from the use of a direct comparison operation app.auth[username] == password to validate user credentials, which can be exploited to guess password...
CVE-2024-1176
CVE-2024-1176 affects the HT Easy GA4 – Google Analytics WordPress Plugin. The vulnerability is a missing capability check in login() that enables unauthenticated modification of the GA4 email. Affected versions are all up to and including 1.1.5. Remediation: upgrade to 1.1.6 or later (Wordfence/...
WordPress Plugin HT Easy GA4 Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2024-28816
Student Information Chatbot a0196ab allows SQL injection via the username to the login function in index.php...
CVE-2024-28816
The CVE identifies a SQL injection in the Student Information Chatbot a0196ab, exposed via the login username parameter in index.php. The underlying flaw is unsanitized user input passed to a SQL query in the login function, enabling potential unauthorized access or data exposure. Exploitation st...
CVE-2023-41503
Student Enrollment In PHP v1.0 was discovered to contain a SQL injection vulnerability via the Login function...
PT-2024-12940 · Unknown · Student Enrollment In Php
Name of the Vulnerable Software and Affected Versions: Student Enrollment In PHP version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the Login function. Recommendations: For version 1.0, consider disabling the Login function unti...
Student Enrollment In PHP Security Vulnerability
Student Enrollment In PHP is an open source student enrollment system from code-projects. A security vulnerability exists in Student Enrollment In PHP, which stems from an SQL injection vulnerability in the Login function...
CVE-2023-41503
CVE-2023-41503 affects the open-source “Student Enrollment In PHP v1.0.” The vulnerability is a SQL injection in the Login function, caused by unsafe SQL handling in the authentication flow. It is rated CVSS v3.1 base score 9.8 (CRITICAL) with Network attack vector, no privileges required, no use...
PT-2024-18257 · Gradio · Gradio
Name of the Vulnerable Software and Affected Versions: Gradio versions prior to 4.19.2 Description: A timing attack vulnerability exists in the login function, specifically within the routes.py file, due to the use of a direct comparison operation app.auth[username] == password to validate user...
CVE-2024-0479
A vulnerability was found in Taokeyun up to 1.0.5. It has been classified as critical. Affected is the function login of the file application/index/controller/m/User.php of the component HTTP POST Request Handler. The manipulation of the argument username leads to sql injection. It is possible to...
PT-2024-15596 · Taokeyun · Taokeyun
Name of the Vulnerable Software and Affected Versions: Taokeyun versions up to 1.0.5 Description: A critical issue has been found, affecting the function login of the file application/index/controller/m/User.php in the HTTP POST Request Handler component. The manipulation of the username argument...
CVE-2023-49281 Open Redirect in Login Function of Calendarinho
Calendarinho is an open source calendaring application to manage large teams of consultants. An Open Redirect issue occurs when a web application redirects users to external URLs without proper validation. This can lead to phishing attacks, where users are tricked into visiting malicious sites,...
Information disclosure
An issue in Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learning Examination System v.6.5 allows a remote attacker to obtain sensitive information via the password parameter in the login function...
CVE-2023-46963
An issue in Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learning Examination System v.6.5 allows a remote attacker to obtain sensitive information via the password parameter in the login function...
CVE-2023-44812
Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the admin_redirect_url parameter of the user login function...
CVE-2023-44812
mooSocial v3.1.8 is affected by CVE-2023-44812: a Cross-Site Scripting (XSS) flaw allowing remote execution of script via the admin_redirect_url parameter in the user login function. The vulnerability stems from improper handling of input in that parameter, enabling an attacker to run arbitrary s...