35 matches found
Klog Server <=2.41 - Unauthenticated Command Injection
Klog Server 2.4.1 and prior is susceptible to an unauthenticated command injection vulnerability. The authenticate.php file uses the user HTTP POST parameter in a call to the shell_exec PHP function without appropriate input validation, allowing arbitrary command execution as the apache user. The...
CVE-2024-7636
A vulnerability was found in code-projects Simple Ticket Booking 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file authenticate.php of the component Login. The manipulation of the argument email/password leads to SQL injection. The attac...
CVE-2025-0564 code-projects Fantasy-Cricket authenticate.php SQL injection
A vulnerability was found in code-projects Fantasy-Cricket 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /authenticate.php. The manipulation of the argument uname leads to SQL injection. The attack can be launched remotely. The explo...
CVE-2025-0564
CVE-2025-0564 affects code-projects Fantasy-Cricket 1.0. The vulnerability is a remote SQL injection in the /authenticate.php endpoint triggered by manipulating the uname parameter. Attack can be launched remotely; exploit has been publicly disclosed. Multiple sources describe it as critical with...
PT-2025-3957 · Unknown · Code-Projects Fantasy-Cricket
Name of the Vulnerable Software and Affected Versions: code-projects Fantasy-Cricket version 1.0. Description: A critical issue has been found in the code-projects Fantasy-Cricket software. The vulnerability is a remote SQL injection in the /authenticate.php file, which can be exploited by...
Code-Projects Simple Ticket Booking SQL Injection Vulnerability
Code-Projects Simple Ticket Booking is a simple open-source ticket booking system from Code-Projects. A SQL injection vulnerability exists in Code-Projects Simple Ticket Booking version 1.0, which is caused by a SQL injection vulnerability in the email/password parameter of the Login component of...
Command injection
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter...
CVE-2020-35729
Klog Server 2.4.1 and earlier versions are affected by an unauthenticated command injection in authenticate.php. The vulnerability uses the user parameter, passed to shell_exec(), allowing arbitrary commands as the apache user; the sudoers setup can grant root privileges, enabling full system com...
CVE-2020-35729
KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter...
vikatan.com XSS vulnerability
Open Bug Bounty ID: OBB-676766; Affected Website: vikatan.com; Vulnerable Application: Custom Code; Vulnerability Type: XSS (Cross Site Scripting) / CWE-79; CVSSv3 Score: 6.1...
ShoreTel Connect ONSITE - Blind SQL Injection
Exploit Title: ShoreTel Connect ONSITE Blind SQL Injection Vulnerability; Date: 19-09-2016; Software Link: https://www.shoretel.com/resource-center/shoretel-connect-onsite-overview; Exploit Author: Iraklis Mathiopoulos; Contact: https://twitter.com/imath; Website: https://medium.com/@iraklis; Category:...
KISGB <= 5.1.1 (authenticate.php) Remote File Include Vulnerability
No description provided by source. KISGB Keep It Simple Guest Book default_path_for_themes Remote File Include; class: Remote File Include Vulnerability; download link: http://phpnuke-downloads.com/modules.php?name=Downloads&dop=nsgetit&cid=14&lid=156&type=urlget; Author: mdx; Files:...
SQL injection
Multiple SQL injection vulnerabilities in Chipmunk Pwngame 1.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters to authenticate.php and the (3) ID parameter to pwn.php. NOTE: some of these details are obtained fr...
Killmonster <= 2.1 (Auth Bypass) SQL Injection Vulnerability
Exploit for unknown platform in category web applications. Killmonster; Type Username Here:; Type Password Here:; authenticate.php: $isadmin=$_POST['isadmin']; $password=$_POST['password']; $password=md5($password); $query = "select * from kmadmins...
SQL injection
SQL injection vulnerability in authenticate.php in Chipmunk Topsites allows remote attackers to execute arbitrary SQL commands via the username parameter, related to login.php. NOTE: some of these details are obtained from third party information...
CVE-2008-7071
SQL injection vulnerability in authenticate.php in Chipmunk Topsites allows remote attackers to execute arbitrary SQL commands via the username parameter, related to login.php. NOTE: some of these details are obtained from third party information...
CVE-2008-7071
CVE-2008-7071 is a SQL injection vulnerability in Chipmunk Topsites’ authenticate.php. The flaw allows remote attackers to execute arbitrary SQL commands via the username parameter (related to login.php). The public records here note a CVSS v2 base score of 7.5 (High) with network access and no a...