427 matches found
Sourcecodester Storage Unit Rental Management System SQL注入漏洞
SourceCodester Storage Unit Rental Management System is a storage unit rental management system that helps manage storage unit rental business records and monitor their records. sourceCodester Storage Unit Rental Management A SQL injection vulnerability exists in the v1 version of the System. The...
CVE-2021-44244
An SQL Injection vulnerabiity exists in Sourcecodester Logistic Hub Parcel's Management System 1.0 via the username parameter in login.php...
CVE-2021-44244
An SQL Injection vulnerabiity exists in Sourcecodester Logistic Hub Parcel's Management System 1.0 via the username parameter in login.php...
ASUS RT-AX56U 路径遍历漏洞
ASUS RT-AX56U is a wireless router from ASUS Taiwan, China.A path traversal vulnerability exists in ASUS RT-AX56U, which stems from the insufficient filtering of special characters in URL parameters by the login function of ASUS RT-AX56U, which could be exploited by an unauthenticated LAN attacke...
CVE-2021-41647
An un-authenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable "username" parameter in login.php and retrieve sensitive database information, as well as add an administrative user...
Online-Food-Ordering-Web-App SQL注入漏洞
Online-Food-Ordering-Web-App is an open source online food ordering system website by the individual developer Kaushik Jadhav. Online-Food-Ordering-Web-App suffers from a SQL injection vulnerability that stems from an error- and time-based unauthenticated SQL blind injection vulnerability in...
Open Redirect in fisharebest/webtrees
Description OpenRedirect at login with parameter &url= Proof of Concept // PoC.request POST /demo-stable/index.php?route=%2Fdemo-stable%2Flogin%2Fdemo HTTP/2 Host: dev.webtrees.net Cookie: Secure-WT-ID=ekks8678620p55do7do21jd4p1 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0...
The vulnerability of the IT reporting software Operation Bridge Reporter (OBR) arises from improper processing of parameters related to the final login resource point. This allows a perpetrator to execute arbitrary code.
The vulnerability of the IT reporting software Operation Bridge Reporter OBR is related to the improper processing of parameters at the final login point. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2021-24406
The wpForo Forum WordPress plugin before 1.9.7 did not validate the redirectto parameter in the login form of the forum, leading to an open redirect issue after a successful login. Such issue could allow an attacker to induce a user to use a login URL redirecting to a website under their control...
CVE-2020-7868
A remote code execution vulnerability exists in helpUSremote administration tool due to improper validation of parameter of ShellExecutionExA function used for login...
gnuboard5 跨站脚本漏洞
GNUBOARD5 is a Web forum system based on PHP and MySQL. A cross-site scripting vulnerability exists in GNUBOARD5 5.3.2.8 and earlier versions. The vulnerability can be exploited to conduct cross-site scripting attacks via the url parameter in bbs/login.php...
Metinfo 跨站脚本漏洞
MetInfo is a Content Management System CMS developed using PHP and Mysql. A cross-site scripting vulnerability exists in MetInfo. The vulnerability can be exploited to conduct cross-site scripting attacks via the gourl parameter in login.php...
CVE-2021-30083
An issue was discovered in Mediat 1.4.1. There is a Reflected XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML without authentication via the 'return' parameter in login.php...
Magnolia CMS 跨站脚本漏洞
Magnolia is a Java-based open source content management system CMS. A reflected cross-site scripting vulnerability exists in the /magnoliaPublic/travel/members/login.html mgnlUserId parameter in Magnolia versions 6.1.3 - 6.2.3. No detailed vulnerability details are available at this time...
Seo Panel Cross-Site Scripting Vulnerability (CNVD-2021-01543)
SEO Panel is a free, open source SEO optimization software. A reflective cross-site scripting vulnerability exists in Seo Panel 4.8.0. An attacker can exploit this vulnerability via the seo/seopanel/login.php?sec=forgot email parameter to conduct a cross-site scripting attack...
PT-2021-18572 · Seo Panel · Seo Panel
Name of the Vulnerable Software and Affected Versions: Seo Panel version 4.8.0 Description: The issue allows reflected XSS via the "seo/seopanel/login.php?sec=forgot" email parameter. This can potentially lead to malicious script execution. No information is provided about the estimated number of...
SourceCodester Online Clothing Store SQL Injection Vulnerability
SourceCodester Online Clothing Store is a website builder system from SourceCodester, Inc. that provides online clothing store functionality. A SQL injection vulnerability exists in SourceCodester version 1.0. The vulnerability stems from the program failing to properly validate user input, which...
CVE-2020-28138
SourceCodester Online Clothing Store 1.0 is affected by a SQL Injection via the txtUserName parameter to login.php...
phpRedisAdmin Cross-Site Scripting Vulnerability
phpRedisAdmin is a web administration page for managing Redis for individual developers. A cross-site scripting vulnerability exists in phpRedisAdmin versions prior to 1.13.2, which stems from the login.php username parameter allowing XSS.No detailed vulnerability details are available at this ti...
CVE-2020-27163
phpRedisAdmin before 1.13.2 allows XSS via the login.php username parameter...