Lucene search
K

265 matches found

CVE
CVE
added 2 days ago13 views

CVE-2026-15489

The CVE-2026-15489 entry describes a SQL injection in RafyMrX TOKO-ONLINE-ROTI (up to commit ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99) via an input in the file proses/login.php where the Username argument is manipulated. The vulnerability is exploitable remotely, with a publicly available exploit...

7.5CVSS6.8AI score0.00254EPSS
Exploits0References4
CVE
CVE
added 2026/07/05 1:0 a.m.17 views

CVE-2026-14688

CVE-2026-14688 affects itsourcecode Online Hotel Management System 1.0. The vulnerability is SQL injection in an unknown function of /admin/login.php triggered by manipulating the email parameter. Exploitation can be remote and publicly available proofs-of-concept exist. Impact metrics indicate l...

7.5CVSS6.9AI score0.00281EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/04 12:0 a.m.13 views

PT-2026-55740

Name of the Vulnerable Software and Affected Versions code-projects Online Job Portal version 1.0 Description A remote SQL injection exists in the login.php file. This occurs when the txtUser and txtPass arguments are manipulated, allowing an attacker to interfere with the database queries...

7.5CVSS7.2AI score0.00412EPSS
Exploits0References9
EUVD
EUVD
added 2026/07/01 12:34 a.m.6 views

EUVD-2026-40459

Storage Concentrator SC & SCVM is vulnerable to SQL injection through cookie values processed by the login.pl and debug.pl scripts. The cookie value is incorporated directly into database queries without adequate sanitization, allowing an unauthenticated remote attacker to manipulate those querie...

9.3CVSS5.9AI score0.00406EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/06/30 10:36 p.m.5 views

CVE-2026-55721

Storage Concentrator SC & SCVM is vulnerable to SQL injection through cookie values processed by the login.pl and debug.pl scripts. The cookie value is incorporated directly into database queries without adequate sanitization, allowing an unauthenticated remote attacker to manipulate those querie...

9.3CVSS5.9AI score0.00406EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.10 views

PT-2026-54436

Name of the Vulnerable Software and Affected Versions Storage Concentrator SC & SCVM affected versions not specified Description An issue exists where cookie values processed by the login.pl and debug.pl scripts are incorporated directly into database queries without adequate sanitization. This...

9.3CVSS5.9AI score0.00406EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/31 4:45 a.m.12 views

CVE-2026-10169 OUSL-GROUP-BrinaryBrains School Student Management System Forgot Password Endpoint Login.php ajax_forgot_password password recovery

A vulnerability was detected in OUSL-GROUP-BrinaryBrains School Student Management System up to 1e70e5ad1125b86dca4ee086eb6bb121f17708b6. Affected by this vulnerability is the function ajaxforgotpassword of the file application/controllers/Login.php of the component Forgot Password Endpoint. The...

6.3CVSS5.1AI score0.00286EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/30 2:55 p.m.9 views

CVE-2018-25424 Gate Pass Management System 2.1 SQL Injection via login-exec.php

Gate Pass Management System 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the login and password parameters. Attackers can submit crafted POST requests to login-exec.php with SQL injection payloads in form...

8.8CVSS5.9AI score0.0032EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.8 views

tickets 信任管理问题漏洞

Tickets is an open-source public safety scheduling and tracking application developed by Open ISES. Versions of tickets prior to 3.44.2 contained a vulnerability related to trust management. This vulnerability stemmed from the disabling of TLS certificate verification in incs/login.inc.php,...

8.2CVSS5.8AI score0.00205EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/05/11 8:27 p.m.12 views

CVE-2026-8230

A flaw has been found in Wavlink NU516U1 240425. The impacted element is the function syslogin1 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. Th...

8.8CVSS6.4AI score0.04944EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/10 4:30 a.m.12 views

CVE-2026-8230

A flaw has been found in Wavlink NU516U1 240425. The impacted element is the function syslogin1 of the file /cgi-bin/login.cgi. Executing a manipulation of the argument ipaddr can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. Th...

6.5CVSS6.4AI score0.04944EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2026/05/08 4:16 a.m.15 views

CVE-2026-8132

A weakness has been identified in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /login.php. This manipulation of the argument txtusername causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be...

7.5CVSS0.00254EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/28 4:45 a.m.31 views

CVE-2026-7226 SourceCodester Pizzafy Ecommerce System ajax.php login2 sql injection

A security vulnerability has been detected in SourceCodester Pizzafy Ecommerce System 1.0. This issue affects the function login2 of the file /admin/ajax.php?action=login2. The manipulation of the argument e-mail leads to sql injection. Remote exploitation of the attack is possible. The exploit h...

7.5CVSS0.00254EPSS
Exploits0References5
CVE
CVE
added 2026/04/27 12:45 a.m.16 views

CVE-2026-7072

CVE-2026-7072 affects CodePanda Source canteen_management_system 1.0. The flaw resides in the login component (file /api/login.php), where manipulating the Username parameter enables a SQL injection. The vulnerability is exploitable remotely and the exploit is public. Metrics indicate CVSS metric...

7.5CVSS7.3AI score0.00254EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/04/27 12:45 a.m.4 views

CVE-2026-7072

A vulnerability was detected in CodePanda Source canteenmanagementsystem 1.0. Affected by this issue is some unknown functionality of the file /api/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit is now public and may...

7.5CVSS7.3AI score0.00254EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/19 12:0 a.m.12 views

PT-2026-33617

A weakness has been identified in Wavlink WL-WN579A3 220323. This affects the function sub 401F80 of the file /cgi-bin/login.cgi. This manipulation of the argument Hostname causes cross site scripting. Remote exploitation of the attack is possible. Upgrading the affected component is recommended...

5.3CVSS4.5AI score0.00265EPSS
Exploits0References6
NVD
NVD
added 2026/04/10 3:16 p.m.8 views

CVE-2026-29861

PHP-MYSQL-User-Login-System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at login.php...

9.8CVSS0.00319EPSS
Exploits0References1
CVE
CVE
added 2026/04/10 12:0 a.m.13 views

CVE-2026-29861

CVE-2026-29861 affects PHP-MYSQL-User-Login-System v1.0, with a SQL injection vulnerability in login.php via the username parameter. The root cause is unsafely constructed SQL queries that incorporate unvalidated user input, leading to potential unauthorized disclosure/integrity impact and possib...

9.8CVSS5.9AI score0.00319EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/06 10:57 a.m.3 views

CVE-2026-5555

A weakness has been identified in code-projects Concert Ticket Reservation System 1.0. This affects an unknown part of the file /ConcertTicketReservationSystem-master/login.php of the component Parameter Handler. Executing a manipulation of the argument Email can lead to sql injection. The attack...

7.5CVSS6.9AI score0.00259EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/04/06 12:0 a.m.11 views

Code-Projects Online FIR System SQL注入漏洞

Code-Projects Online FIR System is an open-source online FIR system developed by Code-Projects. Version 1.0 of the Code-Projects Online FIR System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of parameters email and password in the file /Login/checklogin.ph...

7.5CVSS7.2AI score0.00319EPSS
Exploits0References5
Rows per page
Query Builder