1444 matches found
Design/Logic Flaw
Mitsubishi Electric SmartRTU devices allow XSS via the username parameter or PATHINFO to login.php...
CVE-2018-16061
Mitsubishi Electric Europe B.V. SmartRTU devices allow XSS via the username parameter or PATHINFO to login.php...
CVE-2021-3834
Integria IMS version 5.0.92 does not correctly filter some fields related to the login.php file. An attacker could exploit this vulnerability to perform a cross-site scripting (XSS) attack...
CVE-2021-3834 Integria IMS vulnerable to Cross Site Scripting (XSS)
Integria IMS version 5.0.92 does not correctly filter some fields related to the login.php file. An attacker could exploit this vulnerability to perform a cross-site scripting (XSS) attack...
CVE-2021-3834
Integria IMS 5.0.92 is vulnerable to cross-site scripting (XSS) due to improper filtering of certain fields in login.php. The issue, described across CVE-2021-3834 records, is caused by inadequate input handling in a login-related form, enabling an attacker to inject/execute script content. The c...
PASS-PHP 1.0 SQL Injection / Cross Site Scripting
Exploit Title: PASS-PHP by: oretnom23 v1.0 is vulnerable to remote SQL-Injection bypass Authentication, XSS-Stored and PHPSESSID Hijacking. Author: nu11secur1ty Testing and Debugging: nu11secur1ty Date: 09.24.2021 Vendor: https://www.sourcecodester.com/user/257130/activity Link:...
E-Negosyo System 1.0 SQL Injection Vulnerability
Exploit Title: E-Negosyo System 1.0 - Time-Based Blind SQLi - admin/login.php Exploit Author: Janik Wehrli Vendor Homepage: https://www.sourcecodester.com/users/janobe Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/bsenordering0.zip Version: 1.0 Category:...
Fuel CMS Brute Force Hacking Vulnerability
FUEL CMS is a CodeIgniter-based content management system. A brute-force cracking vulnerability exists in fuel/modules/fuel/controllers/Login.php in Fuel CMS version 1.5.0. An attacker can use this vulnerability to brute-force the administrator's email address...
CVE-2021-38721
FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) vulnerability...
CVE-2021-38725
Fuel CMS 1.5.0 has a brute force vulnerability in fuel/modules/fuel/controllers/Login.php...
Cross site request forgery (csrf)
FUEL CMS 1.5.0 login.php contains a cross-site request forgery (CSRF) vulnerability...
CVE-2021-38725
CVE-2021-38725 — Fuel CMS 1.5.0 brute-force vulnerability. Affected software is Fuel CMS 1.5.0, with the issue located in the login controller file: fuel/modules/fuel/controllers/Login.php. The connected sources explicitly describe a brute-force vulnerability, and CNVD notes that an attacker can...
CVE-2021-38840
SQL Injection can occur in Simple Water Refilling Station Management System 1.0 via the waterrefilling/classes/Login.php username parameter...
eLearning V2(by: oretnom23) is vulnerable from remote SQL-Injection-Bypass-Authentication
Description: The eLearning V2 (by: oretnom23) is vulnerable to remote SQL-Injection-Bypass-Authentication in 3 accounts of the system (admin, Faculty & Student) in app /elearning/classes/Login.php. Remote SQL-Injection-Bypass-Authentication: The parameter username, facultyid, and studentid from th...
Online Leave Management System 1.0 SQL Injection
Exploit Title: OLMS - PHP by: oretnom23 v1.0 SQL-Injection-Bypass-Authentication in /leavesystem/classes/Login.php. Author: nu11secur1ty Testing and Debugging: nu11secur1ty Date: 08.31.2021 Vendor: https://www.sourcecodester.com/php/14910/online-leave-management-system-php-free-source-code.html...
SES-by-oretnom23 -v1.0-SQL-Injection-bypass-Login
The SES-by-oretnom23 v1.0 is vulnerable in the application /elearning/classes/Login.php, which is called from the /elearning/dist/js/script.js app. The username parameter from the login form is not protected correctly, and there is no security or escaping against malicious payloads. When the user is...
EyouCMS Cross-site Request Forgery Vulnerability
EyouCMS is an open source content management system (CMS) based on ThinkPHP. EyouCMS 1.3.6 suffers from a cross-site request forgery (CSRF) vulnerability. An attacker could use the vulnerability to execute js code by adding an htm...