11 matches found
CVE-2026-4045
A flaw has been found in projectsend up to r1945. This impacts an unknown function of the file includes/Classes/Auth.php. Executing a manipulation of the argument ldapemail can lead to observable response discrepancy. The attack can be executed remotely. A high complexity level is associated with...
PT-2026-25004
Name of the Vulnerable Software and Affected Versions projectsend versions prior to r1946 Description A flaw exists in projectsend up to revision r1945. This impacts an unknown function within the includes/Classes/Auth.php file. Manipulating the ldap email argument can cause an observable...
CVE-2025-12342
A flaw has been found in Serdar Bayram Ghost Hot Spot up to 20251014. The affected element is an unknown function of the file /Auth.php of the component Login. This manipulation causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used...
EUVD-2025-36389
A flaw has been found in Serdar Bayram Ghost Hot Spot up to 20251014. The affected element is an unknown function of the file /Auth.php of the component Login. This manipulation causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used...
CVE-2025-12342 Serdar Bayram Ghost Hot Spot Login Auth.php sql injection
A flaw has been found in Serdar Bayram Ghost Hot Spot up to 20251014. The affected element is an unknown function of the file /Auth.php of the component Login. This manipulation causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used...
EUVD-2009-0738
Malware in sbrugna...
CVE-2020-35848
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function...
Agentejo Cockpit NoSQL Injection Vulnerability (CNVD-2021-01561)
Agentejo Cockpit is a self-hosted "headless" and api-driven lightweight, open source content management system. A NoSQL injection vulnerability exists in Agentejo Cockpit versions prior to 0.11.2. The vulnerability can be exploited to conduct a NoSQL injection attack via the Controller/Auth.php...
CVE-2009-0738
SQL injection vulnerability in login.php in Auth Php 1.0 allows remote attackers to execute arbitrary SQL commands via the 1 username and 2 passwd parameters...
CVE-2009-0738
SQL injection vulnerability in login.php in Auth Php 1.0 allows remote attackers to execute arbitrary SQL commands via the 1 username and 2 passwd parameters...
CVE-2009-0738
CVE-2009-0738 describes an SQL injection vulnerability in login.php of Auth Php 1.0, exploitable via the username and passwd parameters. The root cause is unsafely constructed SQL in the login flow that allows attackers to alter SQL semantics or execute arbitrary commands. The vulnerability affec...