Lucene search
K

167 matches found

Cvelist
Cvelist
โ€ขadded 2024/06/06 6:19 p.m.โ€ข27 views

CVE-2024-3102 JSON Injection in mintplex-labs/anything-llm

A JSON Injection vulnerability exists in the mintplex-labs/anything-llm application, specifically within the username parameter during the login process at the /api/request-token endpoint. The vulnerability arises from improper handling of values, allowing attackers to perform brute force attacks...

5.3CVSS0.00453EPSS
Exploits1References2
OSV
OSV
โ€ขadded 2024/06/06 6:19 p.m.โ€ข14 views

CVE-2024-3102 JSON Injection in mintplex-labs/anything-llm

A JSON Injection vulnerability exists in the mintplex-labs/anything-llm application, specifically within the username parameter during the login process at the /api/request-token endpoint. The vulnerability arises from improper handling of values, allowing attackers to perform brute force attacks...

5.3CVSS6.2AI score0.00453EPSS
Exploits1References4
CVE
CVE
โ€ขadded 2024/06/06 6:19 p.m.โ€ข84 views

CVE-2024-3102

CVE-2024-3102 affects mintplex-labs/anything-llm via a JSON Injection in the login flow, specifically the username parameter at /api/request-token. The root cause is improper handling of values, enabling brute-force attempts without prior username knowledge and, once the password is known, blind ...

5.3CVSS5.5AI score0.00453EPSS
Exploits1References2Affected Software1
Exploit DB
Exploit DB
โ€ขadded 2024/04/13 12:0 a.m.โ€ข321 views

Online Fire Reporting System OFRS - SQL Injection Authentication Bypass

Exploit Title: Online Fire Reporting System SQL Injection Authentication Bypass Date: 02/10/2024 Exploit Author: Diyar Saadi Vendor Homepage: https://phpgurukul.com/online-fire-reporting-system-using-php-and-mysql/ Software Link:...

7.4AI score
Exploits0
OSV
OSV
โ€ขadded 2024/04/06 7:15 p.m.โ€ข2 views

CVE-2024-3413

A vulnerability has been found in SourceCodester Human Resource Information System 1.0 and classified as critical. This vulnerability affects unknown code of the file initialize/loginprocess.php. The manipulation of the argument hremail/hrpassword leads to sql injection. The attack can be initiat...

9.8CVSS5.8AI score0.00963EPSS
Exploits1References4
Cvelist
Cvelist
โ€ขadded 2024/04/06 6:31 p.m.โ€ข34 views

CVE-2024-3413 SourceCodester Human Resource Information System login_process.php sql injection

A vulnerability has been found in SourceCodester Human Resource Information System 1.0 and classified as critical. This vulnerability affects unknown code of the file initialize/loginprocess.php. The manipulation of the argument hremail/hrpassword leads to sql injection. The attack can be initiat...

7.5CVSS7.8AI score0.00963EPSS
Exploits1References4
CNNVD
CNNVD
โ€ขadded 2024/04/06 12:0 a.m.โ€ข6 views

Human Resource Information System ๅฎ‰ๅ…จๆผๆดž

Human Resource Information System is a human resource information system. A security vulnerability exists in version 1.0 of the SourceCodester Human Resource Information System, which results from an SQL injection vulnerability in the hremail/hrpassword parameters of the initialize/loginprocess.p...

9.8CVSS7.6AI score0.00963EPSS
Exploits1References5
0day.today
0day.today
โ€ขadded 2024/02/26 12:0 a.m.โ€ข272 views

Simple Inventory Management System v1.0 - (email) SQL Injection Vulnerability

Exploit Title: Simple Inventory Management System v1.0 - 'email' SQL Injection Application: Simple Inventory Management System Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
โ€ขadded 2024/02/26 12:0 a.m.โ€ข250 views

Simple Inventory Management System 1.0 SQL Injection

Exploit Title: Simple Inventory Management System - SQL Injection Google Dork: N/A Application: Simple Inventory Management System Date: 26.02.2024 Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://www.sourcecodester.com/ Software Link:...

7.4AI score
Exploits0
CNNVD
CNNVD
โ€ขadded 2024/02/12 12:0 a.m.โ€ข9 views

WordPress Plugin Web3 Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

9.8CVSS6.8AI score0.01773EPSS
Exploits3References2
OSV
OSV
โ€ขadded 2024/02/06 12:0 a.m.โ€ข37 views

CVE-2024-22365

linux-pam aka Linux PAM before 1.6.0 allows attackers to cause a denial of service blocked login process via mkfifo because the openat call for protectdir lacks ODIRECTORY...

5.5CVSS6.5AI score0.00459EPSS
Exploits1References9
RedHat Linux
RedHat Linux
โ€ขadded 2024/01/25 11:15 a.m.โ€ข6 views

kernel: scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress

A vulnerability was found in the Linux kernel's iscsi tcp drivers. Improper resource allocation management can lead to a use-after-free scenario, triggered when the userspace attempts to access the session host's ipaddress attribute while the kernel is performing a session teardown via...

7.8CVSS6.6AI score0.00277EPSS
Exploits0References5
RedHat Linux
RedHat Linux
โ€ขadded 2024/01/25 11:13 a.m.โ€ข2 views

kernel: scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress

A vulnerability was found in the Linux kernel's iscsi tcp drivers. Improper resource allocation management can lead to a use-after-free scenario, triggered when the userspace attempts to access the session host's ipaddress attribute while the kernel is performing a session teardown via...

7.8CVSS6.6AI score0.00277EPSS
Exploits0References5
OSV
OSV
โ€ขadded 2024/01/08 10:15 a.m.โ€ข5 views

CVE-2024-0307

A vulnerability was found in Kashipara Dynamic Lab Management System up to 1.0. It has been declared as critical. This vulnerability affects unknown code of the file loginprocess.php. The manipulation of the argument password leads to sql injection. The attack can be initiated remotely. The explo...

7.5CVSS6.8AI score0.00733EPSS
Exploits1References3
Positive Technologies
Positive Technologies
โ€ขadded 2024/01/08 12:0 a.m.โ€ข6 views

PT-2024-15457 ยท Unknown ยท Kashipara Dynamic Lab Management System

Name of the Vulnerable Software and Affected Versions: Kashipara Dynamic Lab Management System versions up to 1.0 Description: A critical issue was found in the system, affecting an unknown part of the file /admin/admin login process.php. The manipulation of the admin password argument leads to S...

7.5CVSS7.8AI score0.00668EPSS
Exploits1References7
CNNVD
CNNVD
โ€ขadded 2024/01/08 12:0 a.m.โ€ข8 views

Kashipara Dynamic Lab Management System SQL Injection Vulnerability

Kashipara Dynamic Lab Management System is a dynamic lab management system from Kashipara. A SQL injection vulnerability exists in Kashipara Dynamic Lab Management System 1.0 and earlier versions, which originates from a SQL injection vulnerability in the file /admin/adminloginprocess.php...

7.5CVSS7.9AI score0.00668EPSS
Exploits1References4
Positive Technologies
Positive Technologies
โ€ขadded 2024/01/08 12:0 a.m.โ€ข6 views

PT-2024-15458 ยท Unknown ยท Kashipara Dynamic Lab Management System

Name of the Vulnerable Software and Affected Versions: Kashipara Dynamic Lab Management System versions up to 1.0 Description: A critical vulnerability has been found in the Kashipara Dynamic Lab Management System. The issue affects unknown code in the file login process.php. The manipulation of...

7.5CVSS8.2AI score0.00733EPSS
Exploits1References8
CNNVD
CNNVD
โ€ขadded 2024/01/08 12:0 a.m.โ€ข5 views

Kashipara Dynamic Lab Management System SQL Injection Vulnerability

Kashipara Dynamic Lab Management System is a dynamic lab management system from Kashipara. A SQL injection vulnerability exists in Kashipara Dynamic Lab Management System 1.0 and earlier versions, which originates from a SQL injection vulnerability in the file loginprocess.php...

7.5CVSS7.9AI score0.00733EPSS
Exploits1References4
CNVD
CNVD
โ€ขadded 2023/08/14 12:0 a.m.โ€ข18 views

Hospital Management System SQL Injection Vulnerability (CNVD-2023-64629)

A Hospital Management System HMS is a computerized system that helps manage healthcare-related information and helps healthcare providers do their jobs effectively. A SQL injection vulnerability exists in Hospital Management System version V1.0, which stems from the application's inability to...

9.8CVSS7.8AI score0.00815EPSS
Exploits1References1
NVD
NVD
โ€ขadded 2023/08/10 1:15 p.m.โ€ข17 views

CVE-2023-37069

Code-Projects Online Hospital Management System V1.0 is vulnerable to SQL Injection SQLI attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the login id and password fields during the login...

9.8CVSS9.9AI score0.00815EPSS
Exploits1References3
Rows per page
Query Builder