Pharmacy Management System login.php SQL Injection Vulnerability

Pharmacy Management System MPMS is a multilingual pharmacy management system from the personal developer Mayuri K. A SQL injection vulnerability exists in Pharmacy Management System v1.0, which stems from the electronic email and password in login.php Lack of validation of externally entered SQL...

CVE-2022-34949

Pharmacy Management System v1.0 was discovered to contain multiple SQL injection vulnerabilities via the email or password parameter at login.php...

CVE-2022-34949

CVE-2022-34949 affects Pharmacy Management System v1.0. Multiple SQL injection vulnerabilities exist in login.php via the email and password parameters, caused by lack of validation of externally entered SQL statements. Impact stated across sources includes potential theft of sensitive data. No e...

Sql injection

A vulnerability has been found in SourceCodester Garage Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument username with the input email protected' AND SELECT 6427 FROM SELECTSLEEP5LwLu AND 'hsvT'='hsv...

CVE-2022-1732 Rename wp-login.php <= 2.6.0 - Secret URL Update via CSRF

The Rename wp-login.php WordPress plugin through 2.6.0 does not have CSRF check in place when updating the secret login URL, which could allow attackers to make a logged in admin change them via a CSRF attack...

Cross site scripting

Cross Site Scripting XSS vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web script or HTML via an unsanitized "path" parameter in resources/login.php...

CVE-2022-33119

NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contain a reflected cross-site scripting XSS vulnerability via login.php...

Cross site scripting

NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contain a reflected cross-site scripting XSS vulnerability via login.php...

CVE-2022-33119

NUUO NVRsolo Video Recorder v03.06.02 is affected by a reflected cross-site scripting (XSS) vulnerability in login.php. The issue allows an attacker to inject and execute arbitrary script in the victim’s browser, with potential impact including session hijacking, defacement, or leakage of sensiti...

CVE-2022-33119

NUUO Network Video Recorder NVRsolo v03.06.02 was discovered to contain a reflected cross-site scripting XSS vulnerability via login.php...

Rename wp-login.php <= 2.6.0 - Secret URL Update via CSRF

The plugin does not have CSRF check in place when updating the secret login URL, which could allow attackers to make a logged in admin change them via a CSRF attack document.getElementById"test".submit;...

CVE-2022-2086

A vulnerability, which was classified as critical, has been found in SourceCodester Bank Management System 1.0. Affected by this issue is login.php. The manipulation of the argument password with the input 1'and 1=2 union select 1,sleep10,3,4,5 --+ leads to sql injection. The attack may be launch...

CVE-2022-2086 SourceCodester Bank Management System login.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Bank Management System 1.0. Affected by this issue is login.php. The manipulation of the argument password with the input 1'and 1=2 union select 1,sleep10,3,4,5 --+ leads to sql injection. The attack may be launch...

CVE-2022-2086 SourceCodester Bank Management System login.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Bank Management System 1.0. Affected by this issue is login.php. The manipulation of the argument password with the input 1'and 1=2 union select 1,sleep10,3,4,5 --+ leads to sql injection. The attack may be launch...

Home Clean Services Management System SQL Injection Vulnerability

Home Clean Services Management System is a home cleaning service system. version 1.0 of Home Clean Services Management System is vulnerable to a SQL injection issue in login.php. An attacker could exploit this vulnerability to obtain sensitive database information...

Sql injection

A vulnerability classified as critical was found in Home Clean Services Management System 1.0. This vulnerability affects the file login.php. The manipulation of the argument email with the input admin%'//AND//SELECT//5383//FROM//SELECTSLEEP2JPeh//AND//'frfq%'='frfq leads to sql injection. The...

CVE-2022-1839 Home Clean Services Management System login.php sql injection

A vulnerability classified as critical was found in Home Clean Services Management System 1.0. This vulnerability affects the file login.php. The manipulation of the argument email with the input admin%'//AND//SELECT//5383//FROM//SELECTSLEEP2JPeh//AND//'frfq%'='frfq leads to sql injection. The...

CVE-2022-1839

CVE-2022-1839 covers a SQL injection in Home Clean Services Management System 1.0, specifically in the login.php file. The vulnerability arises from manipulating the email parameter (example payload: admin%'//AND/ /(SELECT//5383/ /FROM//(SELECT(SLEEP(2)))JPeh)/ /AND/**/'frfq%'='frfq) which leads ...

CVE-2022-28531

Sourcecodester Covid-19 Directory on Vaccination System1.0 is vulnerable to SQL Injection via the admin/login.php txtusername aka Username field...

bbPress Cross-site Scripting (XSS) vulnerability

bbPress through 1.0.2 has XSS in /bb-login.php url via the re parameter...