33 matches found
Cockpit Web Console < 360 - Remote Code Execution
Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH...
Lemur: LDAP Filter Injection enables post-authentication privilege escalation
Description Overview Lemur's LDAP authentication module lemur/auth/ldap.py constructs LDAP search filters using unsanitized user input via Python string interpolation. An authenticated LDAP user can inject LDAP filter metacharacters through the username field to manipulate group membership querie...
CVE-2026-33432
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions up to and including 8.2.8.2, when LDAP authentication is enabled, Roxy-WI constructs an LDAP search filter by directly concatenating the user-supplied login username into the filter string without...
cockpit: Cockpit: Unauthenticated remote code execution due to SSH command-line argument injection
Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH...
cockpit: Cockpit: Unauthenticated remote code execution due to SSH command-line argument injection
Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH...
CVE-2018-25201 School Management System CMS 1.0 Admin Login SQL Injection
School Management System CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious payloads using boolean-based blind SQL injection techniques...
CVE-2018-25201
The CVE-2018-25201 issue affects School Management System CMS 1.0. An SQL injection in the admin login (processlogin endpoint) via the username parameter allows bypassing authentication by sending boolean-based blind payloads, enabling login as administrator without valid credentials. The vulnera...
CVE-2018-25185 Wecodex Restaurant CMS 1.0 SQL Injection via Login
Wecodex Restaurant CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the username parameter. Attackers can send POST requests to the login endpoint with malicious SQL payloads using boolean-based blin...
CVE-2026-3708
The CVE-2026-3708 entry affects code-projects Simple Flight Ticket Booking System 1.0. The vulnerability is an SQL injection in an unknown function of /login.php triggered by manipulating the Username parameter. It can be exploited remotely and there is public exploitation activity. Remediation g...
CVE-2026-3708 code-projects Simple Flight Ticket Booking System login.php sql injection
A security flaw has been discovered in code-projects Simple Flight Ticket Booking System 1.0. The impacted element is an unknown function of the file /login.php. Performing a manipulation of the argument Username results in sql injection. The attack may be initiated remotely. The exploit has been...
CVE-2026-2057 SourceCodester Medical Center Portal Management System login.php sql injection
A vulnerability was detected in SourceCodester Medical Center Portal Management System 1.0. This affects an unknown function of the file /login.php. The manipulation of the argument User results in sql injection. The attack can be executed remotely. The exploit is now public and may be used...
Fikir Odalari AdminPando SQL注入漏洞
Fikir Odalari AdminPando is a backend management system operated by the Turkish company Fikir Odalari. Version 1.0.1 of Fikir Odalari AdminPando before January 26, 2026 contained an SQL injection vulnerability. This vulnerability stemmed from the username and password parameters used in the login...
MiracleLinux 8 : mailman:2.1 (AXSA:2021-2169:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2169:01 advisory. mailman: arbitrary content injection via the options login page CVE-2020-12108 mailman: arbitrary content injection via the private archive login pa...
BeeS BET e-Portal 安全漏洞
BeeS BET e-Portal is a faculty and exam management system from BeeS India. A security vulnerability exists in BeeS BET e-Portal that stems from a SQL injection in the login function, which could lead to the execution of arbitrary SQL commands...
CVE-2025-13285
The CVE-2025-13285 entry concerns itsourcecode Online Voting System 1.0. The vulnerability is a SQL injection in the /login.php file, triggered by manipulating the Username parameter due to an unknown function, with remote access possible. Public exploit information is noted in the sources. Affec...
CVE-2025-12928 code-projects Online Job Search Engine login.php sql injection
A vulnerability was detected in code-projects Online Job Search Engine 1.0. This affects an unknown function of the file /login.php. Performing manipulation of the argument username/phone results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and ma...
CVE-2025-11397 SourceCodester Hotel and Lodge Management System login.php sql injection
A security flaw has been discovered in SourceCodester Hotel and Lodge Management System 1.0. The affected element is an unknown function of the file /login.php. Performing manipulation of the argument email results in sql injection. The attack may be initiated remotely. The exploit has been...
EUVD-2012-6589
Malware in sbrugna...
EUVD-2016-10214
Malware in sbrugna...
EUVD-2025-30876
Malicious code in bioql PyPI...