Sql injection · CVE-2019-16309
FlameCMS 3.3.5 has an SQL injection in account/login.php via the accountName parameter. The root cause is a lack of input validation for SQL statements in a database-backed application, enabling an attacker to execute arbitrary SQL commands. This CVE (CVE-2019-16309) is corroborated by multiple s...
CVE-2019-15826
The wps-hide-login plugin before 1.5.3 for WordPress has a protection bypass via wp-login.php in the Referer field...
PT-2019-11542 · Timesheet · Timesheet Next Gen
Name of the Vulnerable Software and Affected Versions: Timesheet Next Gen versions 1.5.3 and earlier. Description: The issue allows an attacker to execute arbitrary HTML and JavaScript code via a redirect parameter. This is a reflected Cross-Site Scripting (XSS) attack, where the victim may click on...
Sql injection · CVE-2019-12279 (DISPUTED)
Nagios XI 5.6.1 allows SQL injection via the username parameter to login.php?forgotpass, aka the reset password form. NOTE: The vendor disputes this issue as not being a vulnerability because the issue does not seem to be a legitimate SQL Injection. The POC does not show any valid injection that...
Sql injection · CVE-2018-18800
The Tubigan "Welcome to our Resort" 1.0 software allows SQL Injection via index.php?p=accomodation&q=SQL, index.php?p=rooms&q=SQL, or admin/login.php...
SOCA Access Control System 180612 - SQL Injection
SOCA Access Control System 180612 SQL Injection And Authentication Bypass. Vendor: SOCA Technology Co., Ltd. Product web page: http://www.socatech.com. Affected version: 180612, 170000 and 141007. Summary: The company's products include proximity and fingerprint access control system, time and...
Cross site scripting
An issue was discovered in Open XDMoD through 7.5.0. html/gui/general/login.php has Reflected XSS via the xduserformalname parameter...
WordPress Cerber Security Antispam & Malware Scan 8.0 Plugin - Multiple Bypass Vulnerabilities
Exploit for PHP platform in category web applications. Exploit Title: WordPress Cerber Security, Antispam & Malware Scan - Multiple Bypass Vulnerabilities. Type: WordPress Plugin. Active installs: 100,000+. Version: 8.0. Software Link: https://wordpress.org/plugins/wp-cerber/ Exploit Author: ed0x21son...
Design/Logic Flaw · CVE-2018-19877
login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field...
CVE-2018-19877
CVE-2018-19877 affects Adiscon LogAnalyzer prior to 4.1.7. The vulnerability is a Cross-Site Scripting (XSS) in the login.php file, exploitable via the Login Button Referer field. The underlying issue is an XSS in the referer parameter of login.php, allowing execution of malicious scripts in the ...
dappbuilder.io XSS vulnerability
Open Bug Bounty ID: OBB-702970. Affected Website: dappbuilder.io. Vulnerable Application: Custom Code. Vulnerability Type: XSS Cross Site Scripting / CWE-79. CVSSv3 Score: 6.1...
Simple E-Document 1.31 - username SQL Injection Vulnerability
Exploit for PHP platform in category web applications. Exploit Title: Simple E-Document 1.31 - 'username' SQL Injection. Exploit Author: Ihsan Sencan. Vendor Homepage: http://www.tecorange.com/index.php/download-free-open-source-software/79-simple-e-document-free-open-source-document-and-paper-m...
BitZoom 1.0 - rollno SQL Injection
Exploit Title: BitZoom 1.0 - 'rollno' SQL Injection. Dork: N/A. Date: 2018-11-14. Exploit Author: Ihsan Sencan. Vendor Homepage: https://bitzoom.sourceforge.io/ Software Link: https://excellmedia.dl.sourceforge.net/project/bitzoom/bitzoom-master.zip Version: 1.0...
CVE-2018-19221
CVE-2018-19221 affects LAOBANCMS 2.0. The vulnerability is an SQL injection via the admin/login.php guanliyuan parameter, as described across multiple connected sources. CVSS metrics from the initial document show an overall high/critical impact (CVSS2: 7.5; CVSS3: 9.8) with network access, no aut...
CVE-2018-19224
An issue was discovered in LAOBANCMS 2.0. /admin/login.php allows spoofing of the id and guanliyuan cookies...
Sql injection
PhpTpoint hospital management system suffers from multiple SQL injection vulnerabilities via the index.php user parameter associated with LOGIN.php, or the rno parameter to ALIST.php, DUNDEL.php, PDEL.php, or PUNDEL.php...