Lucene search
+L

427 matches found

RedhatCVE
RedhatCVE
added 2026/03/26 3:7 p.m.4 views

CVE-2026-4540

A vulnerability was detected in projectworlds Online Notes Sharing System 1.0. This issue affects some unknown processing of the file /login.php of the component Parameters Handler. The manipulation of the argument User results in sql injection. The attack can be executed remotely. The exploit is...

7.5CVSS6.9AI score0.00359EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/26 11:39 a.m.6 views

CVE-2018-25209 OpenBiz Cubi Lite 3.0.8 SQL Injection via username Parameter

OpenBiz Cubi Lite 3.0.8 contains a SQL injection vulnerability in the login form that allows unauthenticated attackers to manipulate database queries through the username parameter. Attackers can submit POST requests to /bin/controller.php with malicious SQL code in the username field to extract...

8.8CVSS6AI score0.00327EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/22 9:30 a.m.6 views

EUVD-2026-14289

A vulnerability was detected in projectworlds Online Notes Sharing System 1.0. This issue affects some unknown processing of the file /login.php of the component Parameters Handler. The manipulation of the argument Benutzer results in SQL Injection. The attack can be executed remotely. The exploi...

7.5CVSS6.8AI score0.00359EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/22 7:41 a.m.8 views

CVE-2026-4540

A vulnerability was detected in projectworlds Online Notes Sharing System 1.0. This issue affects some unknown processing of the file /login.php of the component Parameters Handler. The manipulation of the argument User results in sql injection. The attack can be executed remotely. The exploit is...

7.5CVSS6.8AI score0.00359EPSS
Exploits0References4Affected Software1
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.7 views

Raytha CMS 跨站脚本漏洞

Raytha CMS is a content management system developed by the American company Raytha. Versions of Raytha CMS prior to 1.4.6 contained a cross-site scripting vulnerability. This vulnerability stemmed from the returnUrl parameter in the login function, which allowed for reflected cross-site scripting...

6.1CVSS5.7AI score0.00277EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.6 views

PT-2026-25682

Name of the Vulnerable Software and Affected Versions itsourcecode Online Enrollment System version 1.0 Description A weakness exists in itsourcecode Online Enrollment System version 1.0 related to the processing of the /sms/login.php file. Manipulation of the user email argument can lead to SQL...

7.5CVSS7AI score0.00254EPSS
Exploits0References9
EUVD
EUVD
added 2026/03/07 9:30 a.m.8 views

EUVD-2026-10134

The Infomaniak Connect for OpenID plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'endpointlogin' parameter of the infomaniakconnectgenericauthurl shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes...

6.4CVSS5.9AI score0.00191EPSS
Exploits0References4
EUVD
EUVD
added 2026/03/06 3:31 p.m.10 views

EUVD-2018-21622

Net-Billetterie 2.9 contains an SQL injection vulnerability in the login parameter of login.inc.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit malicious SQL code through the login POST parameter to extract database information including usernames,...

8.8CVSS6.1AI score0.00232EPSS
Exploits0References3
NVD
NVD
added 2026/03/06 1:15 p.m.7 views

CVE-2018-25167

Net-Billetterie 2.9 contains an SQL injection vulnerability in the login parameter of login.inc.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit malicious SQL code through the login POST parameter to extract database information including usernames,...

8.8CVSS0.00232EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/06 12:19 p.m.3 views

CVE-2018-25189

Data Center Audit 2.6.2 contains an SQL injection vulnerability in the username parameter of dcalogin.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted SQL payloads through POST requests to extract sensitive database information including...

8.8CVSS6.1AI score0.00237EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/06 12:18 p.m.13 views

CVE-2018-25167

Net-Billetterie 2.9 contains an SQL injection in login.inc.php via the login POST parameter, enabling unauthenticated access to extract credentials (usernames, passwords, system credentials). Affected: Net-Billetterie 2.9, login.inc.php. Impact: confidentiality loss; CVSS v3.1 base 8.2 / v4 base ...

8.8CVSS6.1AI score0.00232EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/06 12:18 p.m.4 views

CVE-2018-25167

Net-Billetterie 2.9 contains an SQL injection vulnerability in the login parameter of login.inc.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit malicious SQL code through the login POST parameter to extract database information including usernames,...

8.8CVSS6.1AI score0.00232EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/06 12:18 p.m.30 views

CVE-2018-25167 Net-Billetterie 2.9 SQL Injection via login.inc.php

Net-Billetterie 2.9 contains an SQL injection vulnerability in the login parameter of login.inc.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit malicious SQL code through the login POST parameter to extract database information including usernames,...

8.8CVSS0.00232EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.14 views

Net-Billetterie SQL注入漏洞

Net-Billetterie is a web ticketing system developed by Net-Billetterie Inc. Version 2.9 of Net-Billetterie contains a SQL injection vulnerability. This vulnerability stems from the login parameter in the login.inc.php file, which allows for SQL injections, potentially enabling the execution of...

8.8CVSS6.1AI score0.00232EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/06 12:0 a.m.10 views

PT-2026-23679

Net-Billetterie 2.9 contains an SQL injection vulnerability in the login parameter of login.inc.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit malicious SQL code through the login POST parameter to extract database information including usernames,...

8.8CVSS6.1AI score0.00232EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/03/06 12:0 a.m.7 views

GPS Tracking System SQL注入漏洞

GPS Tracking System is a GPS tracking system developed by lahirutm. Version 2.12 of GPS Tracking System has a SQL injection vulnerability. This vulnerability stems from an SQL injection issue with the username parameter in the login.php file, which could allow unverified attackers to bypass...

8.8CVSS5.9AI score0.00284EPSS
Exploits0References2
EUVD
EUVD
added 2026/02/25 6:31 a.m.10 views

EUVD-2026-8510

A vulnerability was detected in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /login/login.php. The manipulation of the argument email results in sql injection. The attack may be performed from remote. The exploit is now public and may be used...

9.8CVSS5.4AI score0.00391EPSS
Exploits1References6
RedhatCVE
RedhatCVE
added 2026/02/22 1:28 a.m.5 views

CVE-2019-25438

LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the username parameter of...

8.8CVSS6.4AI score0.00478EPSS
Exploits1References1
OSV
OSV
added 2026/02/20 11:16 p.m.7 views

CVE-2019-25438

LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the username parameter of...

7.5CVSS6.1AI score0.00478EPSS
Exploits1References3
NVD
NVD
added 2026/02/20 11:16 p.m.6 views

CVE-2019-25438

LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the username parameter of...

8.8CVSS0.00478EPSS
Exploits1References3
Rows per page
Query Builder