60 matches found
CVE-2026-10251 itsourcecode Online House Rental System ajax.php login sql injection
A weakness has been identified in itsourcecode Online House Rental System 1.0. The impacted element is an unknown function of the file /ajax.php?action=login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has been...
PT-2026-45400
A weakness has been identified in itsourcecode Online House Rental System 1.0. The impacted element is an unknown function of the file /ajax.php?action=login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has been...
CVE-2026-7227
A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function Login of the file /admin/ajax.php?action=login. The manipulation of the argument e-mail results in sql injection. The attack can be executed remotely. The exploit is now public and may be used...
CVE-2026-6189 SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection
A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=login. Such manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit ha...
CVE-2026-4021
The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to admin account takeover in all versions up to, and including, 28.1.5. This is due to the email confirmation handler in users-registry-check-after-email-or-pin-confirmation.php using the user's email strin...
CVE-2026-4021 Contest Gallery <= 28.1.5 - Unauthenticated Privilege Escalation Admin Account Takeover via Registration Confirmation Email-to-ID Type Confusion
The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to admin account takeover in all versions up to, and including, 28.1.5. This is due to the email confirmation handler in users-registry-check-after-email-or-pin-confirmation.php using the user's email strin...
CVE-2026-2690
A flaw has been found in itsourcecode Event Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login of the component Admin Login. This manipulation of the argument Username causes sql injection. It is possible to initiate the atta...
CVE-2025-71244
SPIP before 4.4.5 and 4.3.9 allows an Open Redirect via the login form when used in AJAX mode. An attacker can craft a malicious URL that, when visited by a victim, redirects them to an arbitrary external site after login. This vulnerability only affects sites where the login page has been...
CVE-2025-71244
SPIP before 4.4.5 and 4.3.9 allows an Open Redirect via the login form when used in AJAX mode. An attacker can craft a malicious URL that, when visited by a victim, redirects them to an arbitrary external site after login. This vulnerability only affects sites where the login page has been...
UBUNTU-CVE-2025-71244
SPIP before 4.4.5 and 4.3.9 allows an Open Redirect via the login form when used in AJAX mode. An attacker can craft a malicious URL that, when visited by a victim, redirects them to an arbitrary external site after login. This vulnerability only affects sites where the login page has been...
CVE-2025-71244 SPIP < 4.4.5 Open Redirect via Login Form
SPIP before 4.4.5 and 4.3.9 allows an Open Redirect via the login form when used in AJAX mode. An attacker can craft a malicious URL that, when visited by a victim, redirects them to an arbitrary external site after login. This vulnerability only affects sites where the login page has been...
CVE-2025-71244
SPIP ≤ 4.4.5 (and 4.3.9) is affected by an Open Redirect via the login form when used in AJAX mode. A malicious URL can cause a logged-in victim to be redirected to an arbitrary external site after login if the login page has been overridden to function in AJAX mode; it is not mitigated by the SP...
Linux Distros Unpatched Vulnerability : CVE-2025-71244
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP before 4.4.5 and 4.3.9 allows an Open Redirect via the login form when used in AJAX mode. An attacker can craft a malicious URL that, when visited by a...
CVE-2025-13485
CVE-2025-13485 affects itsourcecode Online File Management System 1.0. The vulnerability is a SQL injection caused by improper handling of the Username argument in /ajax.php?action=login, which can be exploited remotely. Multiple connected sources confirm exploitation has been released publicly. ...
CVE-2025-13271
A vulnerability was determined in Campcodes School Fees Payment Management System 1.0. This impacts an unknown function of the file /ajax.php?action=login. This manipulation of the argument Username causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly...
CVE-2025-13271
Campcodes School Fees Payment Management System 1.0 is affected by a SQL injection in /ajax.php?action=login, caused by unsafely handling the Username parameter. Multiple connected sources (CNVD-2026-05370, RH:CVE-2025-13271, CNNVD-202511-1928, CVE-2025-13271 listings, and PT-2025-47133) confirm ...
EUVD-2015-4485
Malware in sbrugna...
EUVD-2025-26923
Malicious code in bioql PyPI...
EUVD-2023-33554
Malicious code in bioql PyPI...
EUVD-2024-34499
Malicious code in bioql PyPI...