427 matches found
CVE-2019-25438
CVE-2019-25438 affects LabCollector 5.423. The vulnerability is multiple SQL injection flaws exploitable by unauthenticated attackers through POST parameters, specifically login.php (login) and retrieve_password.php (user_name), enabling extraction of sensitive database information. No remediatio...
CVE-2019-25320
E Learning Script 1.0 contains an authentication bypass vulnerability that allows attackers to access the dashboard without valid credentials by manipulating login parameters. Attackers can exploit the /login.php file by sending a specific payload '=''or' to bypass authentication and gain...
EUVD-2026-5660
A vulnerability was detected in SourceCodester Medical Center Portal Management System 1.0. This affects an unknown function of the file /login.php. The manipulation of the argument User results in sql injection. The attack can be executed remotely. The exploit is now public and may be used...
CVE-2026-2057
CVE-2026-2057 affects SourceCodester Medical Center Portal Management System 1.0. The vulnerability exists in an unknown function within the /login.php file, where manipulation of the User argument enables SQL injection. This can be exploited remotely and, according to connected sources, the expl...
SourceCodester Medical Center Portal Management System SQL注入漏洞
The SourceCodester Medical Center Portal Management System is an open-source portal management system developed by SourceCodester. Version 1.0 of the SourceCodester Medical Center Portal Management System contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of...
CVE-2020-37033 Infor Storefront B2B 1.0 - 'usr_name' SQL Injection
Infor Storefront B2B 1.0 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'usrname' parameter in login requests. Attackers can exploit the vulnerability by injecting malicious SQL code into the 'usrname' parameter to potentially extract or...
PT-2026-5474
Name of the Vulnerable Software and Affected Versions Infor Storefront B2B version 1.0 Description Infor Storefront B2B version 1.0 contains a SQL injection issue that allows attackers to manipulate database queries. This is achieved through the usr name parameter within login requests. Attackers...
CVE-2026-22912
Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risk including stealing credentials from unsuspecting users...
CVE-2026-22912
Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risk including stealing credentials from unsuspecting users...
CVE-2026-22912
Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risk including stealing credentials from unsuspecting users...
EUVD-2026-2810
Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risk including stealing credentials from unsuspecting users...
CVE-2026-22912
Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risk including stealing credentials from unsuspecting users...
CVE-2026-22912
Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risk including stealing credentials from unsuspecting users...
CVE-2026-22912
Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication. This can lead to various risk including stealing credentials from unsuspecting users...
CVE-2026-22912
CVE-2026-22912 describes improper validation of a login parameter that may redirect authenticated users to malicious websites, potentially enabling credential theft. Multiple feeds (Red Hat, CIRCL, NVD, SICK PSIRT, CVE lists) repeat the same description; no concrete exploit code, affected product...
PT-2026-2993
Name of the Vulnerable Software and Affected Versions affected versions not specified Description Improper validation of a login parameter may allow attackers to redirect users to malicious websites after authentication, potentially leading to credential theft. Recommendations At the moment, ther...
CVE-2025-41006 Multiple vulnerabilities in Imaster products Open configuration options
Imaster's MEMS Events CRM contains an SQL injection vulnerability in ‘phone’ parameter in ‘/memsdemo/login.php’...
CVE-2023-43381
SQL Injection vulnerability in Tianchoy Blog v.1.8.8 allows a remote attacker to obtain sensitive information via the id parameter in the login.php...
CVE-2020-12273
In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials...
CVE-2025-59379
DwyerOmega Isensix Advanced Remote Monitoring System ARMS 1.5.7 allows an attacker to retrieve sensitive information from the underlying SQL database via Blind SQL Injection through the user parameter in the login page. This allows an attacker to steal credentials, which may be cleartext, from...