EUVD-2026-32278

In Slican telephone exchanges it is possible to manage the control panel remotely. An unauthenticated attacker can connect to the modem via a telephone with a specific caller ID. This allows them to bypass admin authentication and gain full access to the service protocol and configuration panel...

CVE-2026-35090

CVE-2026-35090 describes an authentication bypass in Slican telephone exchanges, allowing an unauthenticated attacker to remotely manage the control panel by dialing a specific caller ID. The issue enables bypass of admin authentication and full access to the service protocol and configuration pa...

PT-2026-30507

eDirectory contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to bypass administrator authentication and disclose sensitive files by injecting SQL code into parameters. Attackers can exploit the key parameter in the login endpoint with union-based SQL injection t...

CVE-2026-25878

FroshAdminer (Shopware Platform) vulnerable in versions prior to 2.2.1 where the Adminer UI at /admin/adminer was exposed without Shopware admin authentication due to auth_required=false and no session validation. This allowed unauthenticated access to the Adminer UI, with a potentially limited i...

CVE-2025-69971

FUXA v1.2.7 contains a hard-coded credential vulnerability in server/api/jwt-helper.js. The application uses a hard-coded secret key to sign and verify JWT Tokens. This allows remote attackers to forge valid admin tokens and bypass authentication to gain full administrative access...

EUVD-2024-34578

Malicious code in bioql PyPI...

Toshiba e-STUDIO Security Vulnerability

Toshiba e-STUDIO is a series of high-end office multifunction printers from Toshiba Japan. A security vulnerability exists in Toshiba e-STUDIO that originates from an administrator authentication process that can be bypassed to access multifunction device system information and web pages for...

CVE-2024-27198

In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible...

PT-2023-22043 · Unknown · Wpmobile.App

Name of the Vulnerable Software and Affected Versions: WPMobile.App versions prior to 11.20 Description: A Stored Cross-Site Scripting XSS vulnerability exists, allowing authentication bypass for admin+ users. Recommendations: For versions prior to 11.20, update to a version that contains a fix f...

CVE-2021-44653

Online Magazine Management System 1.0 contains a SQL injection authentication bypass vulnerability. The Admin panel authentication can be bypassed due to SQL injection vulnerability in the login form allowing attacker to gain access as admin to the application...

CVE-2021-37580

A flaw was found in Apache ShenYu Admin. The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication. This issue affected Apache ShenYu 2.3.0 and 2.4.0...

Sourcecodester Simple College Website SQL Injection Vulnerability (CNVD-2021-95934)

Sourcecodester Simple College Website is a content management system from Sourcecodester. Sourcecodester Simple College Website suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in database-based applications, which can be exploit...

Online Movie Streaming 1.0 SQL Injection

Exploit Title: Online Movie Streaming 1.0 - Admin Authentication Bypass Exploit Author: Richard Jones Date: 2021-01-13 Vendor Homepage: https://www.sourcecodester.com/php/14640/online-movie-streaming-php-full-source-code.html Software Link:...

Online Hotel Reservation 1.0 SQL Injection

Exploit Title: Online Hotel Reservation 1.0 - Admin Authentication Bypass Exploit Author: Richard Jones Note: Shout out to boku Bobby Cooke for helping me get started on 0day's!! Date: 2021-01-13 Vendor Homepage:...

Online Hotel Reservation System 1.0 - Admin Authentication Bypass

Exploit Title: Online Hotel Reservation System 1.0 - Admin Authentication Bypass Exploit Author: Richard Jones Date: 2021-01-13 Vendor Homepage: https://www.sourcecodester.com/php/13492/online-hotel-reservation-system-phpmysqli.html Software Link:...

CubeCart 6.1.12 - Admin Authentication Bypass

I Forgot My Password! Both vulnerabilities are exploitable through CubeCarts "I forgot my Password!" functionality. It is implemented in the file classes/cubecart.class.php, in the method recovery. When a user forgot his password, he can use this feature to enter his email address, a valid passwo...

CVE-2017-17777

Paid To Read Script 2.0.5 has authentication bypass in the admin panel via a direct request, as demonstrated by the admin/viewvisitcamp.php fn parameter and the admin/userview.php uid parameter...

Ministry Web Designing Multiple Vulnerabilities

Exploit for php platform in category web applications Exploit Title: Ministry Web Designing Multiple Vulnerabilities Google Dork: Not for noobs :D Date: 4-8-2015 Exploit Author: R3NW4 Platform: WebApps Vendor Homepage http://www.ministrywebdesigning.com/ Version: All versions Tested on: LinuxDebi...

nodez <= 4.6.1.1 mercury Multiple Vulnerabilities

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? echo Nodez 4.6.1.1 Mercury possibly prior versions multiple vulnerabilities\r\n; echo by rgod [email protected]\r\n; echo site: http://retrogod.altervista.org\r\n\r\n; / software: site: nodez.greentinted.com/ description:...

psipuss 1.0 - Multiple Remote SQL Injection Vulnerabilities

No description provided by source. ...:::::psipuss version 1.0 SQL Injection Vulnerabilities ::::.... Virangar Security Team www.virangar.net www.virangar.ir -------- Discoverd By :virangar security teamhadihadi special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra & all virangar members & all...