CVE-2023-44813
Cross-Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function...
PT-2023-29300 · Moosocial · Moosocial
Name of the Vulnerable Software and Affected Versions: mooSocial version 3.1.8 Description: The issue allows a remote attacker to execute arbitrary code via a crafted payload to the admin redirect url parameter of the user login function. This is a Cross-Site Scripting (XSS) issue. Recommendations:...
PT-2023-29301 · Moosocial · Moosocial
Name of the Vulnerable Software and Affected Versions: mooSocial version 3.1.8 Description: The issue allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function. This is a Cross-Site Scripting (XSS) issue. Recommendations: For...
Strapi Improper Rate Limiting vulnerability
Summary: There is a rate limit on the login function of Strapi's admin screen, but it is possible to circumvent it. 2. Details: It is possible to avoid this by modifying the rate-limited request path as follows. 1. Manipulating request paths to upper or lower case. Pattern 1 - In this case,...
CVE-2023-41594
Dairy Farm Shop Management System Using PHP and MySQL v1.1 was discovered to contain multiple SQL injection vulnerabilities in the Login function via the Username and Password parameters...
PT-2023-27989 · Unknown · Dairy Farm Shop Management System Using Php/Mysql
Name of the Vulnerable Software and Affected Versions: Dairy Farm Shop Management System Using PHP and MySQL version 1.1 Description: The Dairy Farm Shop Management System Using PHP and MySQL contains multiple SQL injection vulnerabilities in the Login function. These vulnerabilities are exploite...
PT-2023-18365 · Unknown · Campcodes Retro Basketball Shoes Online Store
Name of the Vulnerable Software and Affected Versions: Campcodes Retro Basketball Shoes Online Store version 1.0 Description: A critical issue affects some unknown functionality of the file /function/login.php. The manipulation of the email argument leads to sql injection. The attack can be...
PT-2023-13053 · Osticket · Osticket
Name of the Vulnerable Software and Affected Versions: osTicket versions through 1.16.2 Description: The issue is related to a Session Fixation vulnerability in the login function within class.auth.php of osTicket. This vulnerability allows an attacker to potentially hijack user sessions...
PT-2023-15575 · Sipe S.R.L · Wi400
Name of the Vulnerable Software and Affected Versions: SIPE s.r.l WI400 versions 8 through 11 Description: A cross-site scripting (XSS) issue in the check login function allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the f parameter. This enables the...
CVE-2023-22900
The Efence login function has insufficient validation of user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify or delete database...
CVE-2022-39042
aEnrich a+HRD has improper validation in its login function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and access API functions to perform arbitrary system commands or disrupt service...
CVE-2022-23468
xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP). xrdp v0.9.21 contains a buffer overflow in the xrdp_login_wnd_create() function. There are no known workarounds for this issue. Users are advised to upgrade...
Authentication flaw
The UPSMON Pro login function has insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and obtain administrator privileges to access or control the system or disrupt service...
CVE-2022-3804
A vulnerability was found in eolinker apinto-dashboard. It has been classified as problematic. Affected is an unknown function of the file /login. The manipulation of the argument callback leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed ...
PT-2022-20016 · Sourcecodester · Sourcecodester Simple Task Managing System
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Task Managing System affected versions not specified Description: A critical vulnerability has been found in the SourceCodester Simple Task Managing System, affecting an unknown part of the file /loginVaLidation.php. The...
CVE-2022-2674
CVE-2022-2674 affects SourceCodester Best Fee Management System: the login function in admin_class.php is vulnerable to SQL injection via the username parameter. This can be exploited remotely, with public exploit availability noted. Impact is described as critical in the CVE entry. No remediatio...
CVE-2022-32425
The login function of Mealie v1.0.0beta-2 allows attackers to enumerate existing usernames by timing the server's response time...