Py-Membres 4.0 - SQL Injection

source: https://www.securityfocus.com/bid/7301/info A vulnerability has been reported for Py-Membres 4.0 that allows remote attackers to modify the logic of SQL queries. It has been reported that an input validation error exists in the login.php file included with Py-Membres. Because of this, a...

CVE-2002-0995

PHPAuction's login.php is vulnerable: a direct call with action=insert allows remote attackers to add a username to the adminUsers table, effectively gaining privileges. The CVE entry documents this privilege escalation and labels it high severity (CVSS v2 base score 7.5). The provided sources co...

CVE-2002-0995

login.php for PHPAuction allows remote attackers to gain privileges via a direct call to login.php with the action parameter set to "insert," which adds the provided username to the adminUsers table...

phpAuction 12 - Unauthorized Administrative Access

phpAuction 12 - Unauthorized Administrative Access source: https://www.securityfocus.com/bid/5141/info PhpAuction is a freely available web-based auction system. It is written using PHP scripting language on a MySQL database engine. A flaw in /admin/login.php has been reported in PHPAuction, whic...