24 matches found
CVE-2018-25201
School Management System CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious payloads using boolean-based blind SQL injection techniques...
EUVD-2018-21661
School Management System CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious payloads using boolean-based blind SQL injection techniques...
EUVD-2018-21659
Wecodex Hotel CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows unauthenticated attackers to bypass authentication by injecting SQL code. Attackers can submit malicious SQL payloads through the username parameter in POST requests to index.php with...
CVE-2018-25201
School Management System CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious payloads using boolean-based blind SQL injection techniques...
CVE-2018-25201
School Management System CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious payloads using boolean-based blind SQL injection techniques...
CVE-2018-25201 School Management System CMS 1.0 Admin Login SQL Injection
School Management System CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious payloads using boolean-based blind SQL injection techniques...
PT-2026-28238
School Management System CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious payloads using boolean-based blind SQL injection techniques...
CVE-2024-44541
evilnapsis Inventio Lite Versions v4 and before is vulnerable to SQL Injection via the "username" parameter in "/?action=processlogin."...
CVE-2023-1130
A vulnerability, which was classified as critical, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. This affects an unknown part of the file processlogin. The manipulation of the argument user leads to sql injection. It is possible to initiate the attack remotely. The...
CVE-2024-44541
evilnapsis Inventio Lite Versions v4 and before is vulnerable to SQL Injection via the "username" parameter in "/?action=processlogin."...
CVE-2024-44541
evilnapsis Inventio Lite Versions v4 and before is vulnerable to SQL Injection via the "username" parameter in "/?action=processlogin."...
Inventio Lite SQL注入漏洞
Inventio Lite is a general purpose inventory and sales system. A security vulnerability exists in Inventio Lite v4 and prior versions that stems from vulnerability to SQL injection attacks via the username parameter in /?action=processlogin...
CVE-2024-44541
Inventio Lite v4 and earlier is vulnerable to SQL Injection via the username parameter in /?action=processlogin. The issue arises from building an SQL query with user-supplied input (email/username) and password without proper parameter binding, enabling bypass of authentication and potential dat...
CVE-2024-44541
evilnapsis Inventio Lite Versions v4 and before is vulnerable to SQL Injection via the "username" parameter in "/?action=processlogin."...
CVE-2023-1130
A vulnerability, which was classified as critical, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. This affects an unknown part of the file processlogin. The manipulation of the argument user leads to sql injection. It is possible to initiate the attack remotely. The...
Sql injection
A vulnerability, which was classified as critical, was found in SourceCodester Computer Parts Sales and Inventory System 1.0. This affects an unknown part of the file processlogin. The manipulation of the argument user leads to sql injection. It is possible to initiate the attack remotely. The...
SourceCodester Computer Parts Sales and Inventory System SQL注入漏洞
Computer Parts Sales and Inventory System is a computer parts sales and inventory system by Warren Daloyan, an individual developer. A SQL injection vulnerability exists in SourceCodester Computer Parts Sales and Inventory System version 1.0, which originates from an unknown part of the...
PT-2023-16776 · Sourcecodester · Computer Parts Sales/Inventory System
Name of the Vulnerable Software and Affected Versions: SourceCodester Computer Parts Sales and Inventory System version 1.0 Description: A critical issue was found in the system, affecting an unknown part of the file processlogin. The manipulation of the user argument leads to SQL injection. It i...
CVE-2022-26959
There are two full read/write Blind/Time-based SQL injection vulnerabilities in the Northstar Club Management version 6.3 application. The vulnerabilities exist in the userName parameter of the processlogin.jsp page in the /northstar/Portal/ directory and the userID parameter of the login.jsp pag...
Sourcecodehero ERP System Project SQL注入漏洞
Sourcecodehero ERP System Project is a self-hosted ERP system from Sourcecodehero. Sourcecodehero ERP System Project suffers from a SQL injection vulnerability that originates from unknown processing in /pages/processlogin.php...