Sql injection
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function...
Sql injection
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function...
Sql injection
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function...
CVE-2020-35846
Agentejo Cockpit (Cockpit CMS) before version 0.11.2 is vulnerable to a NoSQL injection via the Controller/Auth.php check function. The NoSQL query using the $eq operator can allow unauthorized access and potential data exposure or manipulation. Affected versions are
CVE-2020-35846
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function...
CVE-2020-35848
CVE-2020-35848 affects Agentejo Cockpit prior to 0.11.2, where the NoSQL injection vulnerability exists in the Auth controller’s newpassword path. The connected sources consistently describe exploitation via /auth/resetpassword and /auth/newpassword, enabling manipulation of database queries and ...
CVE-2020-35848
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function...
CVE-2020-35847
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function...
CVE-2020-35846
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function. Recent assessments: h00die at May 31, 2021 12:07pm UTC reported: noSQL injection within the /auth/requestreset API. By sending JSON.generate 'user' = '$func' = 'vardump' it causes the vardump functio...
CVE-2020-35847
Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function. Recent assessments: h00die at May 31, 2021 12:11pm UTC reported: Similar to CVE-2020-35846, this is a noSQL injection using the vardump function to dump all memory for the password reset...
CVE-2019-13983
Directus 7 API before 2.2.2 has insufficient anti-automation, as demonstrated by lack of a CAPTCHA in core/Directus/Services/AuthService.php and endpoints/Auth.php...
Design/Logic Flaw
Instant Update CMS contains a Password Reset vulnerability in /iu-application/controllers/administration/auth.php that can result in Account Takeover. This attack appears to be exploitable via network connectivity. This vulnerability appears to have been fixed in v0.3.3...
CVE-2018-5689
Cross-site scripting (XSS) vulnerability in admin/auth.php in Dotclear 2.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the malicious user's email...
CVE-2018-5689
CVE-2018-5689 affects Dotclear 2.12.1, specifically the admin/auth.php vulnerability. The issue is a Cross-site Scripting (XSS) flaw in which remote authenticated users can inject arbitrary web script or HTML via the malicious user’s email. The root cause, impacted component, and context are stat...
Niushop open source mall system Auth.php has sql injection vulnerabilities
NiuShop open source mall system is a PHP open source e-commerce system designed, researched and developed entirely independently by Shanxi Niu Cool Information Technology Co., Ltd. Parameters in the Niushop open source mall system's Auth.php file are affected by a SQL injection vulnerability...
tackthis.com XSS vulnerability
Vulnerable URL: https://www.tackthis.com/json/auth.php?callback=prompt/OPENBUGBOUNTY/...
CVE-2016-2152
Multiple cross-site scripting (XSS) vulnerabilities in auth/db/auth.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via an external DB profile field...
CVE-2016-2152
CVE-2016-2152 refers to multiple XSS vulnerabilities in Moodle’s auth/db/auth.php, allowing remote attackers to inject arbitrary script or HTML via an external DB profile field. Affected Moodle versions include up to 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x ...