
11 matches found

OSV
added 2025/11/03 5:15 a.m. · 6 views

CVE-2025-12617

A flaw has been found in itsourcecode Billing System 1.0. This affects an unknown function of the file /admin/app/logincrud.php. Executing a manipulation of the argument Password can lead to SQL injection. It is possible to launch the attack remotely. The exploit has been published and may be use...

9.8 CVSS · 5.8 AI score
Exploits 0 · References 5
Vulnrichment
added 2025/11/03 12:0 a.m. · 3 views

CVE-2025-63443

School Management System PHP v1.0 is vulnerable to Cross Site Scripting (XSS) in /login.php via the password parameter...

6 AI score · 0.00194 EPSS
Exploits 1 · References 1
RedhatCVE
added 2025/10/28 12:28 a.m. · 10 views

CVE-2025-61247

indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in the password parameter of login.php...

8.2 CVSS · 8.1 AI score · 0.00226 EPSS
Exploits 0 · References 1
CVE
added 2025/10/27 12:0 a.m. · 9 views

CVE-2025-61247

CVE-2025-61247 affects indieka900 online-shopping-system-php 1.0. The vulnerability is a SQL Injection in the password parameter of login.php, as described across multiple sources (NVD entry and related advisories). The underlying issue is unvalidated SQL handling in the login flow, enabling pote...

8.2 CVSS · 7.7 AI score · 0.00226 EPSS
Exploits 0 · References 1
RedhatCVE
added 2025/05/23 12:6 a.m. · 8 views

CVE-2022-25454

Tenda AC6 v15.03.05.09multi was discovered to contain a stack overflow via the loginpwd parameter in the SetFirewallCfg function...

10 CVSS · 7.9 AI score · 0.01665 EPSS
Exploits 1 · References 1
Positive Technologies
added 2024/08/20 12:0 a.m. · 5 views

PT-2024-30026 · Unknown · School Management System

Name of the Vulnerable Software and Affected Versions: School Management System (affected versions not specified)
Description: The issue is related to a SQL injection vulnerability. It occurs via the password parameter at the "login.php" endpoint. There is no information provided about the estimate...

9.8 CVSS · 7.9 AI score · 0.00583 EPSS
Exploits 1 · References 6
BDU FSTEC
added 2024/03/04 12:0 a.m. · 5 views

The vulnerability of the run() function in the FreeIPA server’s script allows a perpetrator to gain unauthorized access to protected information or cause service failures.

The vulnerability of the run function in the ipautil.py script of the FreeIPA server is related to insufficient validation of input data during session establishment when processing the user parameter /sip/session/loginpassword. Exploiting this vulnerability can allow a malicious actor to gain...

5.3 CVSS · 6.3 AI score · 0.0111 EPSS
Exploits 1 · References 26 · Affected Software 4
CNNVD
added 2023/12/21 12:0 a.m. · 3 views

Projectworlds Student Result Management System SQL Injection Vulnerability

Projectworlds Student Result Management System is a student result management system from Projectworlds India. Projectworlds Student Result Management System v1.0 suffers from a SQL injection vulnerability, which arises when the "password" parameter of login.php does not validate the received...

9.8 CVSS · 7.9 AI score · 0.00671 EPSS
Exploits 1 · References 3
ATTACKERKB
added 2023/11/04 11:15 p.m. · 12 views

CVE-2023-46963

An issue in Beijing Yunfan Internet Technology Co., Ltd, Yunfan Learning Examination System v.6.5 allows a remote attacker to obtain sensitive information via the password parameter in the login function...

5.3 CVSS · 5.8 AI score · 0.00525 EPSS
Exploits 1 · References 2
CNNVD
added 2023/04/14 12:0 a.m. · 4 views

Purchase Order Management Cross-Site Scripting Vulnerability

Sourcecodester Purchase Order Management System is a simple purchase order management system used to manage the purchase order records of a particular company. A security vulnerability exists in Purchase Order Management v1.0, which was discovered to contain a Reflected Cross Site Scripting (XSS)...

6.1 CVSS · 6.2 AI score · 0.0125 EPSS
Exploits 1 · References 3
CNNVD
added 2022/03/31 12:0 a.m. · 2 views

Sourcecodester Simple Client Management System SQL Injection Vulnerability

Simple Client Management System is a simple web-based application that provides an online platform to manage company customer invoices. Simple Client Management System 1.0 is vulnerable to a SQL injection vulnerability that could be caused by a password parameter in Login.php. No detailed...

9.8 CVSS · 5.8 AI score · 0.01551 EPSS
Exploits 1 · References 2