Lucene search
K

264 matches found

RedhatCVE
RedhatCVE
added 2025/09/18 8:29 p.m.9 views

CVE-2025-34184

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers can execute arbitrary system commands by injecting payloads into the 'passwd' HTTP POST parameter, leading to full system compromise or...

9.8CVSS8.3AI score0.02743EPSS
Exploits2References1
NVD
NVD
added 2025/09/16 8:15 p.m.6 views

CVE-2025-34184

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers can execute arbitrary system commands by injecting payloads into the 'passwd' HTTP POST parameter, leading to full system compromise or...

9.8CVSS0.02743EPSS
Exploits2References4
Vulnrichment
Vulnrichment
added 2025/09/16 7:40 p.m.4 views

CVE-2025-34184 Ilevia EVE X1 Server 4.7.18.0.eden Neuro-Core Unauthenticated Code Injection

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers can execute arbitrary system commands by injecting payloads into the 'passwd' HTTP POST parameter, leading to full system compromise or...

9.3CVSS7.9AI score0.02743EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added 2025/09/16 7:40 p.m.2 views

CVE-2025-34184

Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers can execute arbitrary system commands by injecting payloads into the 'passwd' HTTP POST parameter, leading to full system compromise or...

9.8CVSS6.1AI score0.02743EPSS
Exploits2References4
CVE
CVE
added 2025/09/16 7:40 p.m.35 views

CVE-2025-34184

CVE-2025-34184 affects Ilevia EVE X1 Server (≤4.7.18.0.eden). The vulnerability is an unauthenticated OS command injection in /ajax/php/login.php, allowing remote attackers to inject commands via the passwd POST parameter and potentially achieve full system compromise or DoS. Some sources also do...

9.8CVSS7.9AI score0.02743EPSS
Exploits2References4Affected Software1
CNNVD
CNNVD
added 2025/09/16 12:0 a.m.7 views

Ilevia EVE X1 Server 安全漏洞

Ilevia EVE X1 Server is a smart home and building automation from Ilevia, Italy. A security vulnerability exists in Ilevia EVE X1 Server 4.7.18.0.eden and prior versions, which originates from an unauthenticated OS command injection in the /ajax/php/login.php script, which could result in the...

9.8CVSS7.6AI score0.02743EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2025/09/16 12:0 a.m.7 views

PT-2025-38074

Name of the Vulnerable Software and Affected Versions: Ilevia EVE X1 Server versions prior to 4.7.18.0.eden Description: Ilevia EVE X1 Server contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers can execute arbitrary system commands by...

9.3CVSS7.6AI score0.02743EPSS
Exploits2References9
Cvelist
Cvelist
added 2025/09/15 4:32 a.m.12 views

CVE-2025-10426 itsourcecode Online Laundry Management System login.php sql injection

A security flaw has been discovered in itsourcecode Online Laundry Management System 1.0. This affects an unknown function of the file /login.php. Performing manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. The exploit has been releas...

7.5CVSS0.00387EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/09/12 8:2 p.m.9 views

CVE-2025-10325 Wavlink WL-WN578W2 login.cgi sub_401BA4 command injection

A vulnerability was identified in Wavlink WL-WN578W2 221110. This impacts the function sub401340/sub401BA4 of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might...

6.5CVSS0.06789EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2025/09/11 2:9 a.m.6 views

CVE-2025-10118

A security vulnerability has been detected in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. The affected element is an unknown function of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out...

9.8CVSS7.2AI score0.00483EPSS
Exploits1References1
NVD
NVD
added 2025/09/09 2:15 a.m.5 views

CVE-2025-10118

A security vulnerability has been detected in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. The affected element is an unknown function of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out...

9.8CVSS0.00483EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.4 views

PT-2025-36540

Name of the Vulnerable Software and Affected Versions: itsourcecode E-Logbook with Health Monitoring System for COVID-19 version 1.0 Description: A security issue has been identified in itsourcecode E-Logbook with Health Monitoring System for COVID-19. The vulnerability is located in an unknown...

9.8CVSS7.1AI score0.00483EPSS
Exploits1References9
CVE
CVE
added 2025/09/06 10:32 p.m.22 views

CVE-2025-10062

The CVE-2025-10062 entry affects itsourcecode Student Information Management System version 1.0. The vulnerability resides in the /admin/login.php file, where manipulating the uname parameter can lead to SQL injection. The issue is exploitable remotely and publicly disclosed. Multiple connected s...

9.8CVSS7AI score0.00384EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2025/08/29 5:15 p.m.7 views

CVE-2025-9662

A vulnerability was determined in code-projects Simple Grading System 1.0. This affects an unknown function of the file /login.php of the component Admin Panel. Executing manipulation can lead to sql injection. The attack may be performed from a remote location. The exploit has been publicly...

9.8CVSS5.7AI score0.0055EPSS
Exploits1References5
Cvelist
Cvelist
added 2025/08/28 12:0 a.m.10 views

CVE-2025-51972

A SQL Injection vulnerability exists in the login.php of PuneethReddyHC Online Shopping System Advanced 1.0 due to improper sanitization of user-supplied input in the keyword POST parameter...

0.00227EPSS
Exploits1References1
Packet Storm
Packet Storm
added 2025/08/28 12:0 a.m.169 views

📄 Update-motd.d Persistence

This Metasploit module will add a script in /etc/update-motd.d/ in order to persist a payload. The payload will be executed with root privileges every time a user logs in. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framewo...

6.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/08/15 8:32 p.m.15 views

CVE-2025-8926

A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been...

9.8CVSS7.7AI score0.00387EPSS
Exploits1References1
NVD
NVD
added 2025/08/14 6:15 a.m.8 views

CVE-2025-8946

A vulnerability has been found in projectworlds Online Notes Sharing Platform 1.0. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument User leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and m...

9.8CVSS0.00387EPSS
Exploits1References4
CNNVD
CNNVD
added 2025/08/01 12:0 a.m.5 views

Code-Projects Online Medicine Guide 注入漏洞

Online Medicine Guide is an online medical guide. Online Medicine Guide suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter uname in the file /login.php. The vulnerability can be exploited by an attacker to execute...

9.8CVSS8.2AI score0.00498EPSS
Exploits1References6
Packet Storm
Packet Storm
added 2025/07/31 12:0 a.m.106 views

📄 Ilevia EVE X1 Server 4.7.18.0.eden Command Injection

iIlevia EVE X1 Server versions 4.7.18.0.eden and below suffer from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the passwd HTTP POST parameter in the /ajax/php/login.php script. !/usr/bin/env python Ilevia EVE ...

8.7AI score
Exploits0
Rows per page
Query Builder