CVE-2023-2641

A vulnerability was found in SourceCodester Online Internship Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin/login.php of the component POST Parameter Handler. The manipulation of the argument email leads to sql...

CVE-2022-1839

A vulnerability classified as critical was found in Home Clean Services Management System 1.0. This vulnerability affects the file login.php. The manipulation of the argument email with the input admin%'//AND//SELECT//5383//FROM//SELECTSLEEP2JPeh//AND//'frfq%'='frfq leads to sql injection. The...

CVE-2022-28060

SQL Injection vulnerability in Victor CMS v1.0, via the username parameter to /includes/login.php...

CVE-2022-33119

NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contain a reflected cross-site scripting XSS vulnerability via login.php...

CVE-2022-2673

A vulnerability was found in Rigatur Online Booking and Hotel Management System aff6409. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php of the component POST Request Handler. The manipulation of the argument email/pass leads to s...

CVE-2021-44244

An SQL Injection vulnerabiity exists in Sourcecodester Logistic Hub Parcel's Management System 1.0 via the username parameter in login.php...

CVE-2020-21517

Cross Site Scripting XSS vulnerability in MetInfo 7.0.0 via the gourl parameter in login.php...

CVE-2020-35952

login.php in PHPFusion aka PHP-Fusion Andromeda 9.x before 2020-12-30 generates error messages that distinguish between incorrect username and incorrect password i.e., not a single "Incorrect username or password" message in both cases, which might allow enumeration...

CVE-2020-21038

Open redirect vulnerability in typecho 1.1-17.10.30-release via the referer parameter to Login.php...

CVE-2020-18661

Cross Site Scripting XSS vulnerability in gnuboard5 =v5.3.2.8 via the url parameter to bbs/login.php...

CVE-2018-16061

Mitsubishi Electric Europe B.V. SmartRTU devices allow XSS via the username parameter or PATHINFO to login.php...

CVE-2019-19484

Open redirect via parameter ‘p’ in login.php in Centreon 19.04.4 and below allows an attacker to craft a payload and execute unintended behavior...

CVE-2011-1150

bbPress through 1.0.2 has XSS in /bb-login.php url via the re parameter...

CVE-2019-17430

EyouCms through 2019-07-11 has XSS related to the login.php webrecordnum parameter...

CVE-2025-4906

CVE-2025-4906 affects PHPGurukul Notice Board System v1.0. Affects the login.php file where manipulation of the Username argument enables SQL injection, with remote access and public disclosure of exploits noted across multiple sources. Root cause is an unresolved SQL statement handling in the lo...

COVID19 Testing Management System /login.php File SQL Injection Vulnerability

The COVID19 Testing Management System is a new crown pneumonia testing management system. COVID19 Testing Management System suffers from a SQL injection vulnerability that stems from an incorrect manipulation of the parameter Username in the file /login.php resulting in SQL injection. No details ...

PHPGurukul Vehicle Parking Management System 安全漏洞

PHPGurukul Vehicle Parking Management System is a parking management system from PHPGurukul Inc. A security vulnerability exists in PHPGurukul Vehicle Parking Management System version 1.13, which is caused by a SQL injection due to incorrect manipulation of the parameter emailcont in the file...

CVE-2025-4331 SourceCodester Online Student Clearance System login.php sql injection

A vulnerability classified as critical was found in SourceCodester Online Student Clearance System 1.0. This vulnerability affects unknown code of the file /Admin/login.php. The manipulation of the argument id/username/password leads to sql injection. The attack can be initiated remotely. The...

CVE-2025-4174 PHPGurukul COVID19 Testing Management System login.php sql injection

A vulnerability, which was classified as critical, has been found in PHPGurukul COVID19 Testing Management System 1.0. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack may be launched remotely...

CVE-2025-4075 VMSMan login.php cross site scripting

A vulnerability was found in VMSMan up to 20250416. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument Email with the input "alert1 leads to cross site scripting. The attack may be launched remotely. The...