49 matches found
CVE-2026-10208
A flaw has been found in code-projects Online Hospital Management System 1.php. This impacts the function loginuser of the file login1.php. Executing a manipulation of the argument Username can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be...
CVE-2026-10208 code-projects Online Hospital Management System login_1.php login_user sql injection
A flaw has been found in code-projects Online Hospital Management System 1.php. This impacts the function loginuser of the file login1.php. Executing a manipulation of the argument Username can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be...
CVE-2026-10208
The CVE-2026-10208 entry concerns code-projects Online Hospital Management System 1.php, specifically the login_user function in login_1.php. A flaw allows manipulation of the Username argument to trigger a remote SQL injection, enabling an attacker to compromise authentication. The exploit has b...
CVE-2021-47966
PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in the loginuserid parameter of login.php that allows unauthenticated attackers to extract database contents. Attackers can submit crafted POST requests with SQL payloads using SLEEP functions or RLIKE...
CVE-2021-47966 PHP Timeclock 1.04 SQL Injection via login.php
PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in the loginuserid parameter of login.php that allows unauthenticated attackers to extract database contents. Attackers can submit crafted POST requests with SQL payloads using SLEEP functions or RLIKE...
CVE-2021-47966 PHP Timeclock 1.04 SQL Injection via login.php
PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in the loginuserid parameter of login.php that allows unauthenticated attackers to extract database contents. Attackers can submit crafted POST requests with SQL payloads using SLEEP functions or RLIKE...
EUVD-2021-34819
PHP Timeclock 1.04 contains time-based and boolean-based blind SQL injection vulnerabilities in the loginuserid parameter of login.php that allows unauthenticated attackers to extract database contents. Attackers can submit crafted POST requests with SQL payloads using SLEEP functions or RLIKE...
PT-2026-35436
A vulnerability has been found in code-projects Online Lot Reservation System up to 1.0. The impacted element is an unknown function of the file /loginuser.php. The manipulation of the argument email/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the login UI due to improper handling of the default redirect URI. An attacker can execute arbitrary JavaScript code in the victim's browser by setting a malicious redirect URI, potentially allowing them to...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the login UI due to improper handling of the default redirect URI. An attacker can execute arbitrary JavaScript code in the victim's browser by setting a malicious redirect URI, potentially allowing them to...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the login UI due to improper handling of the default redirect URI. An attacker can execute arbitrary JavaScript code in the victim's browser by setting a malicious redirect URI, potentially allowing them to...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the login UI due to improper handling of the default redirect URI. An attacker can execute arbitrary JavaScript code in the victim's browser by setting a malicious redirect URI, potentially allowing them to...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS in the login UI due to improper handling of the default redirect URI. An attacker can execute arbitrary JavaScript code in the victim's browser by setting a malicious redirect URI, potentially allowing them to...
Infor Storefront B2B SQL Injection Vulnerability
Infor Storefront B2B is an e-commerce platform provided by Infor Corporation in the United States. Version 1.0 of Infor Storefront B2B has a SQL injection vulnerability. This vulnerability stems from improper handling of the usrname parameter in login requests, which may lead to SQL injection...
CVE-2021-47801 Vianeos OctoPUS 5 - 'login_user' SQLi
Vianeos OctoPUS 5 contains a time-based blind SQL injection vulnerability in the 'loginuser' parameter during authentication requests. Attackers can exploit this vulnerability by crafting malicious POST requests with specially constructed SQL payloads that trigger database sleep functions to...
CVE-2021-47801
Vianeos OctoPUS 5 contains a time-based blind SQL injection vulnerability in the 'loginuser' parameter during authentication requests. Attackers can exploit this vulnerability by crafting malicious POST requests with specially constructed SQL payloads that trigger database sleep functions to...
PT-2026-3172
Vianeos OctoPUS 5 contains a time-based blind SQL injection vulnerability in the 'login user' parameter during authentication requests. Attackers can exploit this vulnerability by crafting malicious POST requests with specially constructed SQL payloads that trigger database sleep functions to...
Server-side Request Forgery (SSRF)
Overview github.com/zitadel/zitadel/internal/api/oidc is a package for identity infrastructure Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the x-zitadel-forward-host header handling in the login UI. An attacker can access internal resources and...
EUVD-2006-7070
Malware in sbrugna...
EUVD-2018-3426
Malware in sbrugna...