1444 matches found
CVE-2020-35952
login.php in PHPFusion aka PHP-Fusion Andromeda 9.x before 2020-12-30 generates error messages that distinguish between incorrect username and incorrect password i.e., not a single "Incorrect username or password" message in both cases, which might allow enumeration...
CVE-2021-3002
Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?sec=forgot email parameter...
CVE-2020-28138
SourceCodester Online Clothing Store 1.0 is affected by a SQL Injection via the txtUserName parameter to login.php...
SQL injection
SourceCodester Online Clothing Store 1.0 is affected by a SQL Injection via the txtUserName parameter to login.php...
CVE-2020-28138
SourceCodester Online Clothing Store 1.0 is affected by a SQL Injection in login.php via the txtUserName parameter. Root cause: improper input validation allowing SQL injection. Impact: as per CVE metrics, potential execution of arbitrary SQL with high/critical severity; remote attacker could man...
CVE-2020-27886
An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to exploit the usernameavailable function of the includes/functions.php file which is called by login.php...
SQL injection
An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to exploit the usernameavailable function of the includes/functions.php file which is called by login.php...
CVE-2020-18129
A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an admin account via login.php...
Cross-site request forgery (CSRF)
A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an admin account via login.php...
Default credentials
tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts...
CVE-2020-15906
CVE-2020-15906 affects Tiki Wiki CMS GroupWare before 21.2. The flaw in tiki-login.php allows an authentication bypass: after 50 invalid login attempts, the admin password is set to blank, permitting unauthenticated admin access. Remediation: upgrade to version 21.2 or later. CVSS 3.1 base score ...
Design/Logic Flaw
phpRedisAdmin before 1.13.2 allows XSS via the login.php username parameter...
CVE-2020-27163
phpRedisAdmin before 1.13.2 allows XSS via the login.php username parameter...
CVE-2020-25006
Heybbs v1.2 has a SQL injection vulnerability in login.php file via the username parameter which may allow a remote attacker to execute arbitrary code...
SQL injection
Heybbs v1.2 has a SQL injection vulnerability in login.php file via the username parameter which may allow a remote attacker to execute arbitrary code...
CVE-2020-25006
The CVE-2020-25006 entry concerns Heybbs v1.2, with a SQL injection vulnerability in login.php via the username parameter that may allow a remote attacker to execute arbitrary code. The affected component is the login logic in Heybbs 1.2; underlying cause is a SQL injection flaw in user authentic...