264 matches found
CVE-2025-34184
Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers can execute arbitrary system commands by injecting payloads into the 'passwd' HTTP POST parameter, leading to full system compromise or...
CVE-2025-34184
Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers can execute arbitrary system commands by injecting payloads into the 'passwd' HTTP POST parameter, leading to full system compromise or...
CVE-2025-34184 Ilevia EVE X1 Server 4.7.18.0.eden Neuro-Core Unauthenticated Code Injection
Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers can execute arbitrary system commands by injecting payloads into the 'passwd' HTTP POST parameter, leading to full system compromise or...
CVE-2025-34184
Ilevia EVE X1 Server version ≤ 4.7.18.0.eden contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers can execute arbitrary system commands by injecting payloads into the 'passwd' HTTP POST parameter, leading to full system compromise or...
CVE-2025-34184
CVE-2025-34184 affects Ilevia EVE X1 Server (≤4.7.18.0.eden). The vulnerability is an unauthenticated OS command injection in /ajax/php/login.php, allowing remote attackers to inject commands via the passwd POST parameter and potentially achieve full system compromise or DoS. Some sources also do...
Ilevia EVE X1 Server 安全漏洞
Ilevia EVE X1 Server is a smart home and building automation from Ilevia, Italy. A security vulnerability exists in Ilevia EVE X1 Server 4.7.18.0.eden and prior versions, which originates from an unauthenticated OS command injection in the /ajax/php/login.php script, which could result in the...
PT-2025-38074
Name of the Vulnerable Software and Affected Versions: Ilevia EVE X1 Server versions prior to 4.7.18.0.eden Description: Ilevia EVE X1 Server contains an unauthenticated OS command injection vulnerability in the /ajax/php/login.php script. Remote attackers can execute arbitrary system commands by...
CVE-2025-10426 itsourcecode Online Laundry Management System login.php sql injection
A security flaw has been discovered in itsourcecode Online Laundry Management System 1.0. This affects an unknown function of the file /login.php. Performing manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. The exploit has been releas...
CVE-2025-10325 Wavlink WL-WN578W2 login.cgi sub_401BA4 command injection
A vulnerability was identified in Wavlink WL-WN578W2 221110. This impacts the function sub401340/sub401BA4 of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and might...
CVE-2025-10118
A security vulnerability has been detected in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. The affected element is an unknown function of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out...
CVE-2025-10118
A security vulnerability has been detected in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. The affected element is an unknown function of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack is possible to be carried out...
PT-2025-36540
Name of the Vulnerable Software and Affected Versions: itsourcecode E-Logbook with Health Monitoring System for COVID-19 version 1.0 Description: A security issue has been identified in itsourcecode E-Logbook with Health Monitoring System for COVID-19. The vulnerability is located in an unknown...
CVE-2025-10062
The CVE-2025-10062 entry affects itsourcecode Student Information Management System version 1.0. The vulnerability resides in the /admin/login.php file, where manipulating the uname parameter can lead to SQL injection. The issue is exploitable remotely and publicly disclosed. Multiple connected s...
CVE-2025-9662
A vulnerability was determined in code-projects Simple Grading System 1.0. This affects an unknown function of the file /login.php of the component Admin Panel. Executing manipulation can lead to sql injection. The attack may be performed from a remote location. The exploit has been publicly...
CVE-2025-51972
A SQL Injection vulnerability exists in the login.php of PuneethReddyHC Online Shopping System Advanced 1.0 due to improper sanitization of user-supplied input in the keyword POST parameter...
📄 Update-motd.d Persistence
This Metasploit module will add a script in /etc/update-motd.d/ in order to persist a payload. The payload will be executed with root privileges every time a user logs in. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framewo...
CVE-2025-8926
A vulnerability was found in SourceCodester COVID 19 Testing Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been...
CVE-2025-8946
A vulnerability has been found in projectworlds Online Notes Sharing Platform 1.0. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument User leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and m...
Code-Projects Online Medicine Guide 注入漏洞
Online Medicine Guide is an online medical guide. Online Medicine Guide suffers from a SQL injection vulnerability that stems from a lack of validation of externally entered SQL statements in the parameter uname in the file /login.php. The vulnerability can be exploited by an attacker to execute...
📄 Ilevia EVE X1 Server 4.7.18.0.eden Command Injection
iIlevia EVE X1 Server versions 4.7.18.0.eden and below suffer from an unauthenticated OS command injection vulnerability. This can be exploited to inject and execute arbitrary shell commands through the passwd HTTP POST parameter in the /ajax/php/login.php script. !/usr/bin/env python Ilevia EVE ...