Lucene search
+L

427 matches found

CNNVD
CNNVD
added 2022/01/24 12:0 a.m.3 views

Sourcecodester Storage Unit Rental Management System SQL注入漏洞

SourceCodester Storage Unit Rental Management System is a storage unit rental management system that helps manage storage unit rental business records and monitor their records. sourceCodester Storage Unit Rental Management A SQL injection vulnerability exists in the v1 version of the System. The...

9.8CVSS6AI score0.01254EPSS
Exploits1References2
OSV
OSV
added 2022/01/20 7:15 p.m.3 views

CVE-2021-44244

An SQL Injection vulnerabiity exists in Sourcecodester Logistic Hub Parcel's Management System 1.0 via the username parameter in login.php...

9.8CVSS5.8AI score0.01254EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/01/20 7:15 p.m.3 views

CVE-2021-44244

An SQL Injection vulnerabiity exists in Sourcecodester Logistic Hub Parcel's Management System 1.0 via the username parameter in login.php...

9.8CVSS7.4AI score0.01254EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/01/14 12:0 a.m.6 views

ASUS RT-AX56U 路径遍历漏洞

ASUS RT-AX56U is a wireless router from ASUS Taiwan, China.A path traversal vulnerability exists in ASUS RT-AX56U, which stems from the insufficient filtering of special characters in URL parameters by the login function of ASUS RT-AX56U, which could be exploited by an unauthenticated LAN attacke...

6.5CVSS5.8AI score0.00452EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2021/10/01 3:15 p.m.3 views

CVE-2021-41647

An un-authenticated error-based and time-based blind SQL injection vulnerability exists in Kaushik Jadhav Online Food Ordering Web App 1.0. An attacker can exploit the vulnerable "username" parameter in login.php and retrieve sensitive database information, as well as add an administrative user...

9.1CVSS7.4AI score0.01944EPSS
Exploits4References5
CNNVD
CNNVD
added 2021/10/01 12:0 a.m.6 views

Online-Food-Ordering-Web-App SQL注入漏洞

Online-Food-Ordering-Web-App is an open source online food ordering system website by the individual developer Kaushik Jadhav. Online-Food-Ordering-Web-App suffers from a SQL injection vulnerability that stems from an error- and time-based unauthenticated SQL blind injection vulnerability in...

9.1CVSS8.4AI score0.01944EPSS
Exploits4References6
Huntr
Huntr
added 2021/09/28 1:38 p.m.13 views

Open Redirect in fisharebest/webtrees

Description OpenRedirect at login with parameter &url= Proof of Concept // PoC.request POST /demo-stable/index.php?route=%2Fdemo-stable%2Flogin%2Fdemo HTTP/2 Host: dev.webtrees.net Cookie: Secure-WT-ID=ekks8678620p55do7do21jd4p1 User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.15; rv:93.0...

Exploits0
BDU FSTEC
BDU FSTEC
added 2021/08/12 12:0 a.m.5 views

The vulnerability of the IT reporting software Operation Bridge Reporter (OBR) arises from improper processing of parameters related to the final login resource point. This allows a perpetrator to execute arbitrary code.

The vulnerability of the IT reporting software Operation Bridge Reporter OBR is related to the improper processing of parameters at the final login point. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS8.2AI score0.9674EPSS
Exploits4References12Affected Software1
OSV
OSV
added 2021/07/06 11:15 a.m.6 views

CVE-2021-24406

The wpForo Forum WordPress plugin before 1.9.7 did not validate the redirectto parameter in the login form of the forum, leading to an open redirect issue after a successful login. Such issue could allow an attacker to induce a user to use a login URL redirecting to a website under their control...

6.1CVSS6.4AI score0.03379EPSS
Exploits2References1
OSV
OSV
added 2021/06/29 2:15 p.m.5 views

CVE-2020-7868

A remote code execution vulnerability exists in helpUSremote administration tool due to improper validation of parameter of ShellExecutionExA function used for login...

9.8CVSS7.8AI score0.02679EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/06/24 12:0 a.m.6 views

gnuboard5 跨站脚本漏洞

GNUBOARD5 is a Web forum system based on PHP and MySQL. A cross-site scripting vulnerability exists in GNUBOARD5 5.3.2.8 and earlier versions. The vulnerability can be exploited to conduct cross-site scripting attacks via the url parameter in bbs/login.php...

6.1CVSS5.2AI score0.01135EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/06/21 12:0 a.m.5 views

Metinfo 跨站脚本漏洞

MetInfo is a Content Management System CMS developed using PHP and Mysql. A cross-site scripting vulnerability exists in MetInfo. The vulnerability can be exploited to conduct cross-site scripting attacks via the gourl parameter in login.php...

6.1CVSS5.2AI score0.00945EPSS
Exploits1References3
OSV
OSV
added 2021/05/24 6:15 p.m.4 views

CVE-2021-30083

An issue was discovered in Mediat 1.4.1. There is a Reflected XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML without authentication via the 'return' parameter in login.php...

6.1CVSS6.5AI score0.00839EPSS
Exploits1References1
CNNVD
CNNVD
added 2021/04/02 12:0 a.m.6 views

Magnolia CMS 跨站脚本漏洞

Magnolia is a Java-based open source content management system CMS. A reflected cross-site scripting vulnerability exists in the /magnoliaPublic/travel/members/login.html mgnlUserId parameter in Magnolia versions 6.1.3 - 6.2.3. No detailed vulnerability details are available at this time...

6.1CVSS5.1AI score0.0111EPSS
Exploits1References4
CNVD
CNVD
added 2021/01/04 12:0 a.m.2 views

Seo Panel Cross-Site Scripting Vulnerability (CNVD-2021-01543)

SEO Panel is a free, open source SEO optimization software. A reflective cross-site scripting vulnerability exists in Seo Panel 4.8.0. An attacker can exploit this vulnerability via the seo/seopanel/login.php?sec=forgot email parameter to conduct a cross-site scripting attack...

6.1CVSS6.2AI score0.04278EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2021/01/01 12:0 a.m.7 views

PT-2021-18572 · Seo Panel · Seo Panel

Name of the Vulnerable Software and Affected Versions: Seo Panel version 4.8.0 Description: The issue allows reflected XSS via the "seo/seopanel/login.php?sec=forgot" email parameter. This can potentially lead to malicious script execution. No information is provided about the estimated number of...

6.1CVSS6.1AI score0.04278EPSS
Exploits1References8
CNVD
CNVD
added 2020/11/24 12:0 a.m.2 views

SourceCodester Online Clothing Store SQL Injection Vulnerability

SourceCodester Online Clothing Store is a website builder system from SourceCodester, Inc. that provides online clothing store functionality. A SQL injection vulnerability exists in SourceCodester version 1.0. The vulnerability stems from the program failing to properly validate user input, which...

9.8CVSS8.1AI score0.01957EPSS
Exploits1References1
OSV
OSV
added 2020/11/17 7:15 p.m.2 views

CVE-2020-28138

SourceCodester Online Clothing Store 1.0 is affected by a SQL Injection via the txtUserName parameter to login.php...

9.8CVSS7.4AI score0.01957EPSS
Exploits1References2
CNVD
CNVD
added 2020/10/21 12:0 a.m.4 views

phpRedisAdmin Cross-Site Scripting Vulnerability

phpRedisAdmin is a web administration page for managing Redis for individual developers. A cross-site scripting vulnerability exists in phpRedisAdmin versions prior to 1.13.2, which stems from the login.php username parameter allowing XSS.No detailed vulnerability details are available at this ti...

6.1CVSS6.2AI score0.00665EPSS
Exploits0References1
NVD
NVD
added 2020/10/16 3:15 a.m.17 views

CVE-2020-27163

phpRedisAdmin before 1.13.2 allows XSS via the login.php username parameter...

6.1CVSS0.00665EPSS
Exploits0References1
Rows per page
Query Builder