167 matches found
CVE-2024-3102 JSON Injection in mintplex-labs/anything-llm
A JSON Injection vulnerability exists in the mintplex-labs/anything-llm application, specifically within the username parameter during the login process at the /api/request-token endpoint. The vulnerability arises from improper handling of values, allowing attackers to perform brute force attacks...
CVE-2024-3102 JSON Injection in mintplex-labs/anything-llm
A JSON Injection vulnerability exists in the mintplex-labs/anything-llm application, specifically within the username parameter during the login process at the /api/request-token endpoint. The vulnerability arises from improper handling of values, allowing attackers to perform brute force attacks...
CVE-2024-3102
CVE-2024-3102 affects mintplex-labs/anything-llm via a JSON Injection in the login flow, specifically the username parameter at /api/request-token. The root cause is improper handling of values, enabling brute-force attempts without prior username knowledge and, once the password is known, blind ...
Online Fire Reporting System OFRS - SQL Injection Authentication Bypass
Exploit Title: Online Fire Reporting System SQL Injection Authentication Bypass Date: 02/10/2024 Exploit Author: Diyar Saadi Vendor Homepage: https://phpgurukul.com/online-fire-reporting-system-using-php-and-mysql/ Software Link:...
CVE-2024-3413
A vulnerability has been found in SourceCodester Human Resource Information System 1.0 and classified as critical. This vulnerability affects unknown code of the file initialize/loginprocess.php. The manipulation of the argument hremail/hrpassword leads to sql injection. The attack can be initiat...
CVE-2024-3413 SourceCodester Human Resource Information System login_process.php sql injection
A vulnerability has been found in SourceCodester Human Resource Information System 1.0 and classified as critical. This vulnerability affects unknown code of the file initialize/loginprocess.php. The manipulation of the argument hremail/hrpassword leads to sql injection. The attack can be initiat...
Human Resource Information System ๅฎๅ จๆผๆด
Human Resource Information System is a human resource information system. A security vulnerability exists in version 1.0 of the SourceCodester Human Resource Information System, which results from an SQL injection vulnerability in the hremail/hrpassword parameters of the initialize/loginprocess.p...
Simple Inventory Management System v1.0 - (email) SQL Injection Vulnerability
Exploit Title: Simple Inventory Management System v1.0 - 'email' SQL Injection Application: Simple Inventory Management System Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
Simple Inventory Management System 1.0 SQL Injection
Exploit Title: Simple Inventory Management System - SQL Injection Google Dork: N/A Application: Simple Inventory Management System Date: 26.02.2024 Bugs: SQL Injection Exploit Author: SoSPiro Vendor Homepage: https://www.sourcecodester.com/ Software Link:...
WordPress Plugin Web3 Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
CVE-2024-22365
linux-pam aka Linux PAM before 1.6.0 allows attackers to cause a denial of service blocked login process via mkfifo because the openat call for protectdir lacks ODIRECTORY...
kernel: scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress
A vulnerability was found in the Linux kernel's iscsi tcp drivers. Improper resource allocation management can lead to a use-after-free scenario, triggered when the userspace attempts to access the session host's ipaddress attribute while the kernel is performing a session teardown via...
kernel: scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress
A vulnerability was found in the Linux kernel's iscsi tcp drivers. Improper resource allocation management can lead to a use-after-free scenario, triggered when the userspace attempts to access the session host's ipaddress attribute while the kernel is performing a session teardown via...
CVE-2024-0307
A vulnerability was found in Kashipara Dynamic Lab Management System up to 1.0. It has been declared as critical. This vulnerability affects unknown code of the file loginprocess.php. The manipulation of the argument password leads to sql injection. The attack can be initiated remotely. The explo...
PT-2024-15457 ยท Unknown ยท Kashipara Dynamic Lab Management System
Name of the Vulnerable Software and Affected Versions: Kashipara Dynamic Lab Management System versions up to 1.0 Description: A critical issue was found in the system, affecting an unknown part of the file /admin/admin login process.php. The manipulation of the admin password argument leads to S...
Kashipara Dynamic Lab Management System SQL Injection Vulnerability
Kashipara Dynamic Lab Management System is a dynamic lab management system from Kashipara. A SQL injection vulnerability exists in Kashipara Dynamic Lab Management System 1.0 and earlier versions, which originates from a SQL injection vulnerability in the file /admin/adminloginprocess.php...
PT-2024-15458 ยท Unknown ยท Kashipara Dynamic Lab Management System
Name of the Vulnerable Software and Affected Versions: Kashipara Dynamic Lab Management System versions up to 1.0 Description: A critical vulnerability has been found in the Kashipara Dynamic Lab Management System. The issue affects unknown code in the file login process.php. The manipulation of...
Kashipara Dynamic Lab Management System SQL Injection Vulnerability
Kashipara Dynamic Lab Management System is a dynamic lab management system from Kashipara. A SQL injection vulnerability exists in Kashipara Dynamic Lab Management System 1.0 and earlier versions, which originates from a SQL injection vulnerability in the file loginprocess.php...
Hospital Management System SQL Injection Vulnerability (CNVD-2023-64629)
A Hospital Management System HMS is a computerized system that helps manage healthcare-related information and helps healthcare providers do their jobs effectively. A SQL injection vulnerability exists in Hospital Management System version V1.0, which stems from the application's inability to...
CVE-2023-37069
Code-Projects Online Hospital Management System V1.0 is vulnerable to SQL Injection SQLI attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the login id and password fields during the login...