
1444 matches found

NVD
added 2021/08/19 7:15 p.m., 9 views

CVE-2020-20642

Cross Site Request Forgery CSRF vulnerability exists in EyouCMS 1.3.6 that can add an htm page to execute the js code via login.php?m=admin&c=Filemanager&a=newfile&lang=cn...

8.8 CVSS, 0.00104 EPSS
Exploits: 1, References: 1

Prion
added 2021/06/24 3:15 p.m., 15 views

Cross site scripting

Cross Site Scripting XSS vulnerability in gnuboard5 =v5.3.2.8 via the url parameter to bbs/login.php...

4.3 CVSS, 6 AI score, 0.00307 EPSS
Exploits: 1, References: 3, Affected Software: 1

CNVD
added 2021/06/23 12:0 a.m., 6 views

MetInfo Cross-Site Scripting Vulnerability (CNVD-2021-49143)

MetInfo is a Content Management System CMS developed using PHP and Mysql. A cross-site scripting vulnerability exists in MetInfo. The vulnerability can be exploited to conduct cross-site scripting attacks via the gourl parameter in login.php...

6.1 CVSS, 6.2 AI score, 0.00264 EPSS
Exploits: 1, References: 1

Cvelist
added 2021/06/22 2:14 p.m., 9 views

CVE-2020-22165

PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\user-login.php. Remote unauthenticated users can exploit the vulnerability to obtain database sensitive information...

7.7 AI score, 0.36561 EPSS
Exploits: 1, References: 1

Prion
added 2021/06/21 3:15 p.m., 13 views

Cross site scripting

Cross Site Scripting XSS vulnerability in MetInfo 7.0.0 via the gourl parameter in login.php...

4.3 CVSS, 6 AI score, 0.00264 EPSS
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2021/06/21 2:55 p.m., 14 views

CVE-2020-21517

Cross Site Scripting XSS vulnerability in MetInfo 7.0.0 via the gourl parameter in login.php...

6 AI score, 0.00264 EPSS
Exploits: 1, References: 3

CVE
added 2021/06/21 2:55 p.m., 42 views

CVE-2020-21517

MetInfo 7.0.0 is affected by a Cross‑Site Scripting (XSS) vulnerability exploitable via the gourl parameter in login.php. The issue is identified as CVE-2020-21517. Provided sources consistently describe the vulnerable entry as MetInfo’s login flow accepting gourl input that can be manipulated to...

6.1 CVSS, 6 AI score, 0.00264 EPSS
Exploits: 1, References: 3, Affected Software: 1

UbuntuCve
added 2021/06/08 11:15 a.m., 12 views

CVE-2021-31738

Adiscon LogAnalyzer 4.1.10 and 4.1.11 allow login.php XSS...

6.1 CVSS, 6.3 AI score, 0.00345 EPSS
Exploits: 1, References: 1

CNNVD
added 2021/06/08 12:0 a.m., 2 views

Adiscon LogAnalyzer Cross-Site Scripting Vulnerability

Adiscon LogAnalyzer is a set of web front-end tools for system logs and other network event data. The tool provides log browsing, search and basic analysis, and graphical display. A security vulnerability exists in Adiscon LogAnalyzer 4.1.10 and 4.1.11 that allows login.php to execute XSS...

6.1 CVSS, 6.4 AI score, 0.00345 EPSS
Exploits: 1, References: 1

Packet Storm
added 2021/05/08 12:0 a.m., 211 views

PHP Timeclock 1.04 SQL Injection

Exploit Title: PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection Date: 03.05.2021 Exploit Author: Tyler Butler Vendor Homepage: http://timeclock.sourceforge.net Software Link: https://sourceforge.net/projects/timeclock/files/PHP%20Timeclock/PHP%20Timeclock%201.04/ Version: 1.04 Test...

0.5 AI score
Exploits: 0

OSV
added 2021/04/23 9:15 p.m., 1 views

CVE-2021-25898

An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. Passwords are stored in unencrypted source-code text files. This was noted when accessing the svc-login.php file. The value is used to authenticate a high-privileged user upon authenticating with the server...

7.5 CVSS, 5.8 AI score
Exploits: 0, References: 2

NVD
added 2021/04/23 9:15 p.m., 5 views

CVE-2021-25898

An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. Passwords are stored in unencrypted source-code text files. This was noted when accessing the svc-login.php file. The value is used to authenticate a high-privileged user upon authenticating with the server...

7.5 CVSS, 0.00136 EPSS
Exploits: 1, References: 2

CVE
added 2021/04/23 8:49 p.m., 53 views

CVE-2021-25899

Void Aural Rec Monitor 9.0.0.1 contains a SQL injection in svc-login.php (param1) exploitable via blind time-based requests. An unauthenticated attacker can trigger the vulnerability to potentially read data, modify data, and perform unauthorized administrative actions. No exploit details are pro...

7.5 CVSS, 7.7 AI score, 0.73002 EPSS
In wild, Exploits: 1, References: 2, Affected Software: 1

CVE
added 2021/04/23 8:47 p.m., 39 views

CVE-2021-25898

The CVE-2021-25898 entry relates to Void Aural Rec Monitor 9.0.0.1, where passwords are stored in unencrypted source-code text files within svc-login.php. This creates an information-disclosure risk because the credential value is used to authenticate a high-privileged user when accessing the ser...

7.5 CVSS, 7.3 AI score, 0.00136 EPSS
Exploits: 1, References: 2, Affected Software: 1

CNNVD
added 2021/04/23 12:0 a.m., 3 views

Void Aural Rec Monitor SQL Injection Vulnerability

Void Aural Rec Monitor is an application from the Spanish company Void. Aural Rec Monitor version 9.0.0.1 suffers from a SQL injection vulnerability, which originates in svc-login.php, where an unauthenticated attacker sends a crafted HTTP request to perform a blind time-based SQL injection...

7.5 CVSS, 5.9 AI score, 0.73002 EPSS
Exploits: 1, References: 4

NVD
added 2021/04/12 2:15 p.m., 10 views

CVE-2021-24228

The Jetpack Scan team identified a Reflected Cross-Site Scripting in the Login Form of the Patreon WordPress plugin before 1.7.2. The WordPress login form wp-login.php is hooked by the plugin and offers to allow users to authenticate on the site using their Patreon account. Unfortunately, some of...

9.6 CVSS, 0.00861 EPSS
Exploits: 1, References: 2

wpexploit
added 2021/04/08 12:0 a.m., 633 views

Stop Spammers < 2021.9 - Reflected Cross-Site Scripting (XSS)

The plugin did not escape user input when blocking requests such as matching a spam word, outputting it in an attribute after sanitising it to remove HTML tags, which is not sufficient and led to a reflected Cross-Site Scripting issue. From an IP not in the Allow List...

4.3 CVSS, 0.2 AI score, 0.17943 EPSS
Exploits: 5, References: 1

0day.today
added 2021/02/24 12:0 a.m., 19 views

eChat 1.0 SQL Injection Vulnerability

Exploit Title: eChat | Time-Based Blind SQL Injection Exploit Author: email protected Vendor Homepage: https://www.sourcecodester.com/php/10498/echat-simple-chat-system-app-using-phpmysql.html Software Link: https://www.sourcecodester.com/sites/default/files/download/oretnom23/echat.zip Version:...

6.7 AI score
Exploits: 0

Packet Storm
added 2021/02/23 12:0 a.m., 306 views

eChat 1.0 SQL Injection

Exploit Title: eChat | Time-Based Blind SQL Injection Exploit Author: [email protected] Date: 2021-02-21 Vendor Homepage: https://www.sourcecodester.com/php/10498/echat-simple-chat-system-app-using-phpmysql.html Software Link:...

7.4 AI score
Exploits: 0

CVE
added 2021/01/03 3:49 a.m., 48 views

CVE-2020-35952

CVE-2020-35952 affects PHPFusion (PHP-Fusion) Andromeda 9.x before 2020-12-30. The issue is that login.php generates error messages that differentiate between an incorrect username and an incorrect password, rather than a single generic message, which could enable user enumeration. The connected ...

6.5 CVSS, 6.5 AI score, 0.00288 EPSS
Exploits: 1, References: 1, Affected Software: 1