1445 matches found
CVE-2020-25006
The CVE-2020-25006 entry concerns Heybbs v1.2, with a SQL injection vulnerability in login.php via the username parameter that may allow a remote attacker to execute arbitrary code. The affected component is the login logic in Heybbs 1.2; the underlying cause is a SQL injection flaw in user authentic...
elaniin CMS - Authentication Bypass Vulnerability
Exploit for php platform in category web applications Exploit Title: elaniin CMS 1.0 - Authentication Bypass Exploit Author: BKpatron Vendor Homepage: https://elaniin.com/ Software Link: https://github.com/elaniin/CMS/archive/master.zip Version: v1.0 Tested on: Win 10 CVE: N/A Vulnerability: Attack...
CVE-2020-12273
In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials...
CVE-2019-19484
Open redirect via parameter ‘p’ in login.php in Centreon 19.04.4 and below allows an attacker to craft a payload and execute unintended behavior...
CVE-2019-19484
CVE-2019-19484 affects Centreon prior to version 19.04.5 (19.04.4 and below) and is due to an open redirect in login.php via the p URL parameter. An attacker can craft a payload to trigger unintended behavior by redirecting to an arbitrary URL. The linked records (including Red Hat advisory refer...
Centreon Input Validation Error Vulnerability (CNVD-2020-21242)
Centreon Merethis Centreon is a set of open source system monitoring tools from the French company Centreon. The product mainly provides monitoring functions on the network, system and application resources. An input validation error vulnerability exists in Centreon 19.04.4 and earlier version...
Cross site scripting
The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflected XSS (injecting arbitrary web script or HTML) in admin/report-failed-login.php by adding a question mark (?) followed by the payload...
Cross site scripting
Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element...
CVE-2020-6850
Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element...
Design/Logic Flaw
bbPress through 1.0.2 has XSS in /bb-login.php url via the re parameter...
CVE-2019-20173
The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php...
Design/Logic Flaw
The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php...
Auth0 < 3.11.3 - Unauthenticated Reflected XSS via wle Parameter
XSS via a wle parameter associated with wp-login.php. PoC WP/wp-login.php?wle=%22%20onEvent%3DX186697040Y2Z%20...
elaniin CMS 1.0 - Authentication Bypass
Exploit Title: elaniin CMS 1.0 - Authentication Bypass Author: riamloo Date: 2020-01-02 Vendor Homepage: https://elaniin.com/ github == https://github.com/elaniin/ Software Link: https://github.com/elaniin/CMS/archive/master.zip Version: 1 CVE: N/A Tested on: Win 10 Description: Open-source Conte...
BloodX 1.0 SQL Injection
Exploit Title: BloodX 1.0 - Authentication Bypass Author: riamloo Date: 2019-12-31 Vendor Homepage: https://github.com/diveshlunker/BloodX Software Link: https://github.com/diveshlunker/BloodX/archive/master.zip Version: 1 CVE: N/A Tested on: Win 10 Description: A standalone platform which lets...
CVE-2019-17430
EyouCms through 2019-07-11 has XSS related to the login.php web_recordnum parameter...
Cross site scripting
EyouCms through 2019-07-11 has XSS related to the login.php web_recordnum parameter...
CVE-2019-17430
CVE-2019-17430 affects EyouCms up to 2019-07-11. The issue is an XSS in the login.php web_recordnum parameter. The connected documents confirm the vulnerability type (XSS) and affected component (login flow) but do not provide concrete exploit vectors, affected versions beyond the date, or remedi...