62 matches found
SQL injection
Multiple SQL injection vulnerabilities in admin/login.php in Wright Way Services Recipe Script 5 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) Password fields, as reachable from admin/index.php...
CVE-2009-1662
CVE-2009-1662 affects Wright Way Services Recipe Script 5. The vulnerability resides in the admin/login.php component, where the login parameters (username and Password) are susceptible to SQL injection. The issue is reachable from admin/index.php, enabling remote attackers to manipulate SQL quer...
SQL injection
Multiple SQL injection vulnerabilities in microcms-admin-login.php in Implied By Design (IBD) Micro CMS 3.5 (aka 0.3.5) allow remote attackers to execute arbitrary SQL commands via (1) the administratorsusername parameter (aka the Username field) or (2) the administratorspass parameter (aka the Password fie...
CVE-2008-6503
CVE-2008-6503 describes multiple XSS vulnerabilities in PrestaShop 1.1.0.3, exploitable via PATH_INFO to (1) admin/login.php and (2) order.php. The vulnerability is a client-side script injection risk, allowing remote attackers to inject arbitrary web script or HTML as described in NVD. Base scor...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) query parameters to (a) index.php, (3) cat and (4) file parameters to (b) download.php, (5) gal parameter to gallery.php, and the (6) URL to...
CVE-2008-6127
CVE-2008-6127 affects moziloCMS
SQL injection
SQL injection vulnerability in admin/login.php in PHP-CMS Project 1 allows remote attackers to execute arbitrary SQL commands via the username parameter...
CVE-2009-0407
CVE-2009-0407 affects PHP-CMS Project 1 and is caused by an SQL injection in admin/login.php, exploitable through the username parameter to allow remote execution of arbitrary SQL commands. Connected sources corroborate this vulnerability description; no specific patch version or remediation deta...
CVE-2008-5803
CVE-2008-5803 describes a SQL injection vulnerability in the admin/login.php of E-topbiz Online Store 1.0. The issue allows remote attackers to execute arbitrary SQL commands through the user parameter (aka username field), potentially impacting data confidentiality and integrity. The NVD entry ...
CVE-2008-5648
DeltaScripts PHP Shop 1.0 is vulnerable to SQL injection in admin/login.php via the admin_username parameter. The underlying issue is an unsafely handled input that allows remote attackers to modify the SQL executed by the application, enabling arbitrary SQL commands. This vulnerability is docume...
CVE-2008-5642
Directory traversal vulnerability in admin/login.php in CMS Made Simple 1.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in a cms_language cookie...
CMS Made Simple admin/login.php cms_language Cookie Local File Inclusion
The remote host is running CMS Made Simple, a content management system written in PHP. The version of CMS Made Simple installed on the remote host fails to sanitize user-supplied input to the 'cms_language' cookie when passed to the 'admin/login.php' script before using it to include PHP code...
CVE-2008-4056
CVE-2008-4056 describes a cross-site scripting (XSS) vulnerability in the admin/login.php of Matterdaddy Market 1.1. The issue allows remote attackers to inject arbitrary web script or HTML via the msg parameter. Multiple connected sources corroborate the description. The NVD entry lists a CVSSv...
SQL injection
Multiple SQL injection vulnerabilities in PHPEasyData 1.5.4 allow remote attackers to execute arbitrary SQL commands via (1) the annuaire parameter to annuaire.php or (2) the username field in admin/login.php...
CVE-2008-2995
PHPEasyData 1.5.4 contains multiple SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. The affected entry notes two injection vectors: (1) the annuaire parameter to annuaire.php and (2) the username field in admin/login.php. The NVD listing documents a CV...
PHPEasyData 1.5.4 - '/admin/login.php?Username' SQL Injection
source: https://www.securityfocus.com/bid/29659/info PHPEasyData is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage the cross-site scripting issues to execute arbitrary script code in the...
CVE-2008-0286
CVE-2008-0286: A SQL injection vulnerability exists in the admin/login.php of Article Dashboard, allowing remote attackers to execute arbitrary SQL commands via the (1) user or (2) password fields. The issue is publicly documented in NVD and CVE records, with no explicit remediation details prov...
CVE-2007-2181
PHP remote file inclusion vulnerability in admin/login.php in Webinsta FM Manager 0.1.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter, a different product and vector than CVE-2005-0748...
CVE-2007-0592
CVE-2007-0592 is an XSS vulnerability in EzDatabase 2.1.3. The affected component is EzDatabase’s admin/login.php and the Admin Panel Database, allowing remote attackers to inject arbitrary web script or HTML via unspecified vectors. The NVD entry indicates a CVSSv2 base score of 6.8 (Medium) wit...