2652 matches found

Cvelist
added 2026/02/27 5:23 p.m., 17 views

CVE-2019-25494 Homey BNB V4 SQL Injection Authentication Bypass via Admin Panel

Homey BNB V4 contains an SQL injection vulnerability in the administration panel login that allows unauthenticated attackers to bypass authentication by injecting SQL syntax into username and password fields. Attackers can submit SQL operators like '=' 'or' in both credentials to manipulate the...

CVSS 8.8 | EPSS 0.00421
Exploits: 1 | References: 3
Packet Storm
added 2026/02/23 12:0 a.m., 84 views

📄 AMSS++ 4.7 Backdoor Admin Account

AMSS++ version 4.7 has a hardcoded backdoor administrative account. Title: AMSS++ 4.7 - Backdoor Admin Account Author: indoushka Date: 2020-02-23 Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 65.032-bit Vendor : http://amssplus.ubn4.go.th/amssplusdownload/amssplus431install.ra...

CVSS 9.3 | AI score 5.4 | EPSS 0.00033
Exploits: 1
RedhatCVE
added 2026/02/20 1:22 a.m., 2 views

CVE-2026-2690

A flaw has been found in itsourcecode Event Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login of the component Admin Login. This manipulation of the argument Username causes sql injection. It is possible to initiate the atta...

CVSS 9.8 | AI score 5.5 | EPSS 0.00015
Exploits: 1 | References: 1
NVD
added 2026/02/19 7:17 a.m., 2 views

CVE-2026-2690

A flaw has been found in itsourcecode Event Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login of the component Admin Login. This manipulation of the argument Username causes sql injection. It is possible to initiate the atta...

CVSS 9.8 | EPSS 0.00015
Exploits: 1 | References: 5
OSV
added 2026/02/19 7:17 a.m., 2 views

CVE-2026-2690

A flaw has been found in itsourcecode Event Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login of the component Admin Login. This manipulation of the argument Username causes sql injection. It is possible to initiate the atta...

CVSS 9.8 | AI score 5.7 | EPSS 0.00015
Exploits: 1 | References: 5
Vulnrichment
added 2026/02/19 1:2 a.m., 3 views

CVE-2026-2690 itsourcecode Event Management System Admin Login ajax.php sql injection

A flaw has been found in itsourcecode Event Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login of the component Admin Login. This manipulation of the argument Username causes sql injection. It is possible to initiate the atta...

CVSS 7.5 | AI score 5.4 | EPSS 0.00015
Exploits: 1 | References: 5
CVE
added 2026/02/19 1:2 a.m., 10 views

CVE-2026-2690

The affected product is itsourcecode Event Management System 1.0. The vulnerability lies in the Admin Login function, specifically /admin/ajax.php?action=login, where manipulation of the Username parameter triggers SQL injection. Exploitation is possible remotely, and an exploit has been publishe...

CVSS 9.8 | AI score 7.1 | EPSS 0.00015
Exploits: 1 | References: 5 | Affected Software: 1
Positive Technologies
added 2026/02/19 12:0 a.m., 3 views

PT-2026-20569

Name of the Vulnerable Software and Affected Versions itsourcecode Event Management System version 1.0 Description A flaw exists in itsourcecode Event Management System version 1.0 related to SQL injection. The issue is located in the Admin Login functionality, specifically within the...

CVSS 7.5 | AI score 7.3 | EPSS 0.00015
Exploits: 1 | References: 7
RedhatCVE
added 2026/02/14 1:28 a.m., 3 views

CVE-2025-70866

LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges User role can directly access the admin backend by logging in through /admin/login. The vulnerability exists because the admin and user authentication guards share the same user provider...

CVSS 8.8 | AI score 5.5 | EPSS 0.00041
Exploits: 1 | References: 1
Snyk
added 2026/02/13 11:2 p.m., 1 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the admin/login process. An attacker can gain unauthorized access to administrative backend functionality by leveraging insufficient role-based access control checks during authentication. This is only...

CVSS 8.8 | AI score 5.6 | EPSS 0.00041
Exploits: 1 | References: 2
NVD
added 2026/02/13 10:16 p.m., 1 views

CVE-2025-70866

LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges User role can directly access the admin backend by logging in through /admin/login. The vulnerability exists because the admin and user authentication guards share the same user provider...

CVSS 8.8 | EPSS 0.00041
Exploits: 1 | References: 2
Cvelist
added 2026/02/13 12:0 a.m., 20 views

CVE-2025-70866

LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low-level privileges User role can directly access the admin backend by logging in through /admin/login. The vulnerability exists because the admin and user authentication guards share the same user provider...

EPSS 0.00041
Exploits: 1 | References: 2
NVD
added 2026/02/12 11:16 p.m., 1 views

CVE-2019-25335

PRO-7070 Hazır Profesyonel Web Sitesi version 1.0 contains an authentication bypass vulnerability in the administration panel login page. Attackers can bypass authentication by using '=' 'or' as both username and password to gain unauthorized access to the administrative interface...

CVSS 8.8 | EPSS 0.00136
Exploits: 0 | References: 3
NVD
added 2026/02/12 11:16 p.m., 2 views

CVE-2019-25322

Heatmiser Netmonitor 3.03 contains a hardcoded credentials vulnerability in the networkSetup.htm page with predictable admin login credentials. Attackers can access the device by using the hard-coded username 'admin' and password 'admin' in the hidden form input fields...

CVSS 9.3 | EPSS 0.00047
Exploits: 0 | References: 4
CVE
added 2026/02/12 10:49 p.m., 4 views

CVE-2019-25335

CVE-2019-25335 affects PRO-7070 Hazır Profesyonel Web Sitesi version 1.0. The vulnerability is an authentication bypass in the administration panel login page, allowing an attacker to gain unauthorized access by supplying the username and password both as = or as the string 'or'. The exploitation...

CVSS 8.8 | AI score 5.5 | EPSS 0.00136
Exploits: 0 | References: 3
Cvelist
added 2026/02/12 10:49 p.m., 24 views

CVE-2019-25335 PRO-7070 Hazır Profesyonel Web Sitesi 1.0 - Authentication Bypass

PRO-7070 Hazır Profesyonel Web Sitesi version 1.0 contains an authentication bypass vulnerability in the administration panel login page. Attackers can bypass authentication by using '=' 'or' as both username and password to gain unauthorized access to the administrative interface...

CVSS 8.8 | EPSS 0.00136
Exploits: 0 | References: 3
ATTACKERKB
added 2026/02/12 10:49 p.m., 3 views

CVE-2019-25335

PRO-7070 Hazır Profesyonel Web Sitesi version 1.0 contains an authentication bypass vulnerability in the administration panel login page. Attackers can bypass authentication by using '=' 'or' as both username and password to gain unauthorized access to the administrative interface...

CVSS 8.8 | AI score 5.5 | EPSS 0.00136
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2026/02/12 10:48 p.m., 23 views

CVE-2019-25322 Heatmiser Netmonitor 3.03 - Hardcoded Credentials

Heatmiser Netmonitor 3.03 contains a hardcoded credentials vulnerability in the networkSetup.htm page with predictable admin login credentials. Attackers can access the device by using the hard-coded username 'admin' and password 'admin' in the hidden form input fields...

CVSS 9.3 | EPSS 0.00047
Exploits: 0 | References: 4
CVE
added 2026/02/12 10:48 p.m., 5 views

CVE-2019-25322

Heatmiser Netmonitor 3.03 contains a hardcoded admin/admin credential in the networkSetup.htm page, enabling authenticated access to the device without user interaction. Root cause: hardcoded credentials in the web interface; vulnerable component is the networkSetup.htm form input. Impact: high c...

CVSS 9.3 | AI score 5.5 | EPSS 0.00047
Exploits: 0 | References: 4
ATTACKERKB
added 2026/02/12 10:48 p.m., 1 views

CVE-2019-25322

Heatmiser Netmonitor 3.03 contains a hardcoded credentials vulnerability in the networkSetup.htm page with predictable admin login credentials. Attackers can access the device by using the hard-coded username 'admin' and password 'admin' in the hidden form input fields...

CVSS 9.3 | AI score 5.5 | EPSS 0.00047
Exploits: 0 | References: 4 | Affected Software: 1