Lucene search
K

424 matches found

attackerkb
attackerkb
added 2026/03/22 7:41 a.m.7 views

CVE-2026-4540

A vulnerability was detected in projectworlds Online Notes Sharing System 1.0. This issue affects some unknown processing of the file /login.php of the component Parameters Handler. The manipulation of the argument User results in sql injection. The attack can be executed remotely. The exploit is...

7.5CVSS6.8AI score0.00359EPSS
Exploits0References4Affected Software1
cnnvd
cnnvd
added 2026/03/16 12:0 a.m.6 views

Raytha CMS 跨站脚本漏洞

Raytha CMS is a content management system developed by the American company Raytha. Versions of Raytha CMS prior to 1.4.6 contained a cross-site scripting vulnerability. This vulnerability stemmed from the returnUrl parameter in the login function, which allowed for reflected cross-site scripting...

6.1CVSS5.7AI score0.00277EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/03/16 12:0 a.m.5 views

PT-2026-25682

Name of the Vulnerable Software and Affected Versions itsourcecode Online Enrollment System version 1.0 Description A weakness exists in itsourcecode Online Enrollment System version 1.0 related to the processing of the /sms/login.php file. Manipulation of the user email argument can lead to SQL...

7.5CVSS7AI score0.00254EPSS
Exploits0References9
euvd
euvd
added 2026/03/07 9:30 a.m.6 views

EUVD-2026-10134

The Infomaniak Connect for OpenID plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'endpointlogin' parameter of the infomaniakconnectgenericauthurl shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes...

6.4CVSS5.9AI score0.00191EPSS
Exploits0References4
euvd
euvd
added 2026/03/06 3:31 p.m.9 views

EUVD-2018-21622

Net-Billetterie 2.9 contains an SQL injection vulnerability in the login parameter of login.inc.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit malicious SQL code through the login POST parameter to extract database information including usernames,...

8.8CVSS6.1AI score0.00232EPSS
Exploits0References3
nvd
nvd
added 2026/03/06 1:15 p.m.6 views

CVE-2018-25167

Net-Billetterie 2.9 contains an SQL injection vulnerability in the login parameter of login.inc.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit malicious SQL code through the login POST parameter to extract database information including usernames,...

8.8CVSS0.00232EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/03/06 12:19 p.m.3 views

CVE-2018-25189

Data Center Audit 2.6.2 contains an SQL injection vulnerability in the username parameter of dcalogin.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted SQL payloads through POST requests to extract sensitive database information including...

8.8CVSS6.1AI score0.00237EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2026/03/06 12:18 p.m.29 views

CVE-2018-25167 Net-Billetterie 2.9 SQL Injection via login.inc.php

Net-Billetterie 2.9 contains an SQL injection vulnerability in the login parameter of login.inc.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit malicious SQL code through the login POST parameter to extract database information including usernames,...

8.8CVSS0.00232EPSS
Exploits0References2
cve
cve
added 2026/03/06 12:18 p.m.11 views

CVE-2018-25167

Net-Billetterie 2.9 contains an SQL injection in login.inc.php via the login POST parameter, enabling unauthenticated access to extract credentials (usernames, passwords, system credentials). Affected: Net-Billetterie 2.9, login.inc.php. Impact: confidentiality loss; CVSS v3.1 base 8.2 / v4 base ...

8.8CVSS6.1AI score0.00232EPSS
Exploits0References2
attackerkb
attackerkb
added 2026/03/06 12:18 p.m.4 views

CVE-2018-25167

Net-Billetterie 2.9 contains an SQL injection vulnerability in the login parameter of login.inc.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit malicious SQL code through the login POST parameter to extract database information including usernames,...

8.8CVSS6.1AI score0.00232EPSS
Exploits0References2Affected Software1
cnnvd
cnnvd
added 2026/03/06 12:0 a.m.14 views

Net-Billetterie SQL注入漏洞

Net-Billetterie is a web ticketing system developed by Net-Billetterie Inc. Version 2.9 of Net-Billetterie contains a SQL injection vulnerability. This vulnerability stems from the login parameter in the login.inc.php file, which allows for SQL injections, potentially enabling the execution of...

8.8CVSS6.1AI score0.00232EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2026/03/06 12:0 a.m.9 views

PT-2026-23679

Net-Billetterie 2.9 contains an SQL injection vulnerability in the login parameter of login.inc.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit malicious SQL code through the login POST parameter to extract database information including usernames,...

8.8CVSS6.1AI score0.00232EPSS
Exploits0References3
cnnvd
cnnvd
added 2026/03/06 12:0 a.m.6 views

GPS Tracking System SQL注入漏洞

GPS Tracking System is a GPS tracking system developed by lahirutm. Version 2.12 of GPS Tracking System has a SQL injection vulnerability. This vulnerability stems from an SQL injection issue with the username parameter in the login.php file, which could allow unverified attackers to bypass...

8.8CVSS5.9AI score0.00284EPSS
Exploits0References2
euvd
euvd
added 2026/02/25 6:31 a.m.8 views

EUVD-2026-8510

A vulnerability was detected in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /login/login.php. The manipulation of the argument email results in sql injection. The attack may be performed from remote. The exploit is now public and may be used...

9.8CVSS5.4AI score0.00391EPSS
Exploits1References6
redhatcve
redhatcve
added 2026/02/22 1:28 a.m.4 views

CVE-2019-25438

LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the username parameter of...

8.8CVSS6.4AI score0.00478EPSS
Exploits1References1
osv
osv
added 2026/02/20 11:16 p.m.6 views

CVE-2019-25438

LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the username parameter of...

7.5CVSS6.1AI score0.00478EPSS
Exploits1References3
nvd
nvd
added 2026/02/20 11:16 p.m.5 views

CVE-2019-25438

LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the username parameter of...

8.8CVSS0.00478EPSS
Exploits1References3
cve
cve
added 2026/02/20 10:54 p.m.14 views

CVE-2019-25438

CVE-2019-25438 affects LabCollector 5.423. The vulnerability is multiple SQL injection flaws exploitable by unauthenticated attackers through POST parameters, specifically login.php (login) and retrieve_password.php (user_name), enabling extraction of sensitive database information. No remediatio...

8.8CVSS6.4AI score0.00478EPSS
Exploits1References3Affected Software1
attackerkb
attackerkb
added 2026/02/12 10:48 p.m.3 views

CVE-2019-25320

E Learning Script 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard without valid credentials by manipulating login parameters. Attackers can exploit the /login.php file by sending a specific payload '=''or' to bypass authentication and gain...

8.8CVSS5.5AI score0.00308EPSS
Exploits0References3Affected Software1
euvd
euvd
added 2026/02/06 3:32 p.m.9 views

EUVD-2026-5660

A vulnerability was detected in SourceCodester Medical Center Portal Management System 1.0. This affects an unknown function of the file /login.php. The manipulation of the argument User results in sql injection. The attack can be executed remotely. The exploit is now public and may be used...

7.5CVSS7.2AI score0.00326EPSS
Exploits1References5
Rows per page
Query Builder