Sql injection

Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the loginid parameter at adminlogin.php...

CVE-2022-23364

HMS v1.0 was discovered to contain a SQL injection vulnerability via adminlogin.php...

Sql injection

HMS v1.0 was discovered to contain a SQL injection vulnerability via adminlogin.php...

CVE-2022-23364

CVE-2022-23364 affects HMS v1.0 and is described as a SQL injection vulnerability exploitable via the adminlogin.php endpoint. The connected documents corroborate a SQL injection issue in HMS, but do not provide concrete exploit details, affected versions beyond v1.0, or remediation steps. The im...

CVE-2022-23364

HMS v1.0 was discovered to contain a SQL injection vulnerability via adminlogin.php...

osCMax 2.5 - adminlogin.php?Username Cross-Site Scripting

osCMax 2.5 - adminlogin.php?Username Cross-Site Scripting source: https://www.securityfocus.com/bid/52886/info osCMax is prone to multiple SQL-injection vulnerabilities and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting thes...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in osDate 2.1.9 and 2.5.4, when magicquotesgpc is disabled and registerglobals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the configforuminstalled parameter to 1 forum/adminLogin.php and 2 forum/userLogin.php...

Sql injection

Multiple SQL injection vulnerabilities in adminlogin.php in Baal Systems 3.8 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 username and 2 password parameters...

CVE-2010-0611

CVE-2010-0611 describes multiple SQL injection vulnerabilities in Baal Systems' adminlogin.php (versions 3.8 and earlier). The underlying issue allows remote attackers to inject SQL commands through the username or password parameters, potentially compromising data confidentiality and integrity a...

Baal Systems 3.8 SQL Injection

Baal Systems + Download : http://scripts.ringsworld.com/discussion-boards/baalsystems3-8/ + Vuln Code : adminlogin.php + PoC : BaalSystemspath/adminlogin.php username: ' or' 1=1 Password: ' or' 1=1...

Baal Systems <= 3.8 (Auth Bypass) SQL Injection Vulnerability

No description provided by source. + Baal Systems = 3.8 Auth Bypass SQL Injection Vulnerability + Discovered by cr4wl3r cr4wl3r!linuxmail.org + Vuln Code : adminlogin.php ?php include"common.php"; if !empty$POST'password' $username = $POST'username'; $password = $POST'password'; $query = "select...

Baal Systems <= 3.8 (Auth Bypass) SQL Injection Vulnerability

Exploit for unknown platform in category web applications ============================================================= Baal Systems + PoC...

Baal Systems 3.8 - Authentication Bypass

Baal Systems 3.8 - Authentication Bypass + Baal Systems + Vuln Code : adminlogin.php + PoC : BaalSystemspath/adminlogin.php username: ' or' 1=1 Password: ' or' 1=1...

CVE-2008-5058

CVE-2008-5058 describes an SQL injection flaw in Pre Simple CMS: the file at siteadmin/loginsucess.php allows remote attackers to execute arbitrary SQL commands via the user parameter, accessible from siteadmin/adminlogin.php . The issue is cited in multiple sources (e.g., NVD) with a high impact...

Nukeviet 2.0 - adminlogin.php Cookie Authentication Bypass

Nukeviet 2.0 - adminlogin.php Cookie Authentication Bypass source: https://www.securityfocus.com/bid/30681/info Nukeviet is prone to an authentication-bypass vulnerability because it fails to adequately verify user-supplied input used for cookie-based authentication. Attackers can exploit this...

CVE-2006-0610

Multiple SQL injection vulnerabilities in 2200net Calendar system 1.2, with gpcmagicquotes disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via 1 the fmdataid parameter to calendar.php and 2 the $ad'acc' variable in adminlogin.php...