Lucene search
K

60 matches found

Cvelist
Cvelist
added 2026/06/01 11:0 a.m.38 views

CVE-2026-10251 itsourcecode Online House Rental System ajax.php login sql injection

A weakness has been identified in itsourcecode Online House Rental System 1.0. The impacted element is an unknown function of the file /ajax.php?action=login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has been...

7.5CVSS0.00263EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.12 views

PT-2026-45400

A weakness has been identified in itsourcecode Online House Rental System 1.0. The impacted element is an unknown function of the file /ajax.php?action=login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has been...

7.5CVSS5.6AI score0.00263EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/04/28 5:0 a.m.4 views

CVE-2026-7227

A vulnerability was detected in SourceCodester Pizzafy Ecommerce System 1.0. Impacted is the function Login of the file /admin/ajax.php?action=login. The manipulation of the argument e-mail results in sql injection. The attack can be executed remotely. The exploit is now public and may be used...

7.5CVSS5.3AI score0.00254EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2026/04/13 4:0 p.m.20 views

CVE-2026-6189 SourceCodester Pharmacy Sales and Inventory System ajax.php sql injection

A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=login. Such manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit ha...

7.5CVSS0.00268EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/23 11:25 p.m.3 views

CVE-2026-4021

The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to admin account takeover in all versions up to, and including, 28.1.5. This is due to the email confirmation handler in users-registry-check-after-email-or-pin-confirmation.php using the user's email strin...

8.1CVSS5.7AI score0.00436EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/03/23 11:25 p.m.4 views

CVE-2026-4021 Contest Gallery <= 28.1.5 - Unauthenticated Privilege Escalation Admin Account Takeover via Registration Confirmation Email-to-ID Type Confusion

The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to admin account takeover in all versions up to, and including, 28.1.5. This is due to the email confirmation handler in users-registry-check-after-email-or-pin-confirmation.php using the user's email strin...

8.1CVSS5.7AI score0.00436EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/02/20 1:22 a.m.4 views

CVE-2026-2690

A flaw has been found in itsourcecode Event Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login of the component Admin Login. This manipulation of the argument Username causes sql injection. It is possible to initiate the atta...

9.8CVSS5.5AI score0.00466EPSS
Exploits1References1
NVD
NVD
added 2026/02/19 4:27 p.m.7 views

CVE-2025-71244

SPIP before 4.4.5 and 4.3.9 allows an Open Redirect via the login form when used in AJAX mode. An attacker can craft a malicious URL that, when visited by a victim, redirects them to an arbitrary external site after login. This vulnerability only affects sites where the login page has been...

6.1CVSS0.00196EPSS
Exploits0References3
OSV
OSV
added 2026/02/19 4:27 p.m.3 views

CVE-2025-71244

SPIP before 4.4.5 and 4.3.9 allows an Open Redirect via the login form when used in AJAX mode. An attacker can craft a malicious URL that, when visited by a victim, redirects them to an arbitrary external site after login. This vulnerability only affects sites where the login page has been...

6.1CVSS5.6AI score
Exploits0References3
OSV
OSV
added 2026/02/19 4:27 p.m.4 views

UBUNTU-CVE-2025-71244

SPIP before 4.4.5 and 4.3.9 allows an Open Redirect via the login form when used in AJAX mode. An attacker can craft a malicious URL that, when visited by a victim, redirects them to an arbitrary external site after login. This vulnerability only affects sites where the login page has been...

6.1CVSS5.8AI score0.00196EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/02/19 2:58 p.m.3 views

CVE-2025-71244 SPIP < 4.4.5 Open Redirect via Login Form

SPIP before 4.4.5 and 4.3.9 allows an Open Redirect via the login form when used in AJAX mode. An attacker can craft a malicious URL that, when visited by a victim, redirects them to an arbitrary external site after login. This vulnerability only affects sites where the login page has been...

6.1CVSS5.7AI score0.00196EPSS
Exploits0References3
CVE
CVE
added 2026/02/19 2:58 p.m.21 views

CVE-2025-71244

SPIP ≤ 4.4.5 (and 4.3.9) is affected by an Open Redirect via the login form when used in AJAX mode. A malicious URL can cause a logged-in victim to be redirected to an arbitrary external site after login if the login page has been overridden to function in AJAX mode; it is not mitigated by the SP...

6.1CVSS5.7AI score0.00196EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/02/19 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2025-71244

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP before 4.4.5 and 4.3.9 allows an Open Redirect via the login form when used in AJAX mode. An attacker can craft a malicious URL that, when visited by a...

6.1CVSS5.9AI score0.00196EPSS
Exploits0References3
CVE
CVE
added 2025/11/21 12:2 a.m.11 views

CVE-2025-13485

CVE-2025-13485 affects itsourcecode Online File Management System 1.0. The vulnerability is a SQL injection caused by improper handling of the Username argument in /ajax.php?action=login, which can be exploited remotely. Multiple connected sources confirm exploitation has been released publicly. ...

9.8CVSS7.2AI score0.00325EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2025/11/17 9:15 a.m.5 views

CVE-2025-13271

A vulnerability was determined in Campcodes School Fees Payment Management System 1.0. This impacts an unknown function of the file /ajax.php?action=login. This manipulation of the argument Username causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly...

9.8CVSS0.00346EPSS
Exploits1References5
CVE
CVE
added 2025/11/17 8:32 a.m.13 views

CVE-2025-13271

Campcodes School Fees Payment Management System 1.0 is affected by a SQL injection in /ajax.php?action=login, caused by unsafely handling the Username parameter. Multiple connected sources (CNVD-2026-05370, RH:CVE-2025-13271, CNNVD-202511-1928, CVE-2025-13271 listings, and PT-2025-47133) confirm ...

9.8CVSS6.6AI score0.00346EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2015-4485

Malware in sbrugna...

4.3CVSS6.4AI score0.04211EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-26923

Malicious code in bioql PyPI...

7.1CVSS6.5AI score0.00118EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.3 views

EUVD-2023-33554

Malicious code in bioql PyPI...

9.8CVSS9.4AI score0.00989EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-34499

Malicious code in bioql PyPI...

5.9CVSS5.9AI score0.00359EPSS
Exploits0References1
Rows per page
Query Builder