11 matches found
CVE-2026-10251
A weakness has been identified in itsourcecode Online House Rental System 1.0. The impacted element is an unknown function of the file /ajax.php?action=login. Manipulating the argument Username can lead to SQL injection. The attack may be performed remotely. The exploit has been...
Data Center Audit SQL Injection Vulnerability
Data Center Audit is a data auditing software developed by Ben Patridge. Version 2.6.2 of Data Center Audit contains a SQL injection vulnerability. This vulnerability stems from an SQL injection issue with the username parameter in the dcalogin.php file, which may allow unverified attackers to...
CourseSelectionSystem SQL Injection Vulnerability
CourseSelectionSystem is a simple online course selection system by individual developer kidaze. CourseSelectionSystem suffers from a SQL injection vulnerability, which originates from an incorrect manipulation of the parameter Username in the file /Profilers/SProfile/login1.php, which may...
CVE-2025-11476 SourceCodester Simple E-Commerce Bookstore index.php SQL injection
A vulnerability was identified in SourceCodester Simple E-Commerce Bookstore 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument loginusername leads to SQL injection. The attack may be initiated remotely. The exploit is publicly available and might be used...
EUVD-2012-6589
Malware in sbrugna...
PHPGurukul Notice Board System Security Vulnerability
Notice Board System is a bulletin board system. The Notice Board System suffers from a SQL injection vulnerability that originates from a lack of validation of externally-entered SQL statements in the Username parameter of file /login.php. The vulnerability can be exploited by an attacker to...
Sanitization Management System Cross-Site Scripting Vulnerability
Sanitization Management System is a sanitization management system by individual developer Carlo Montero. A security vulnerability exists in Sanitization Management System version v1.0.0. An attacker can exploit this vulnerability to execute arbitrary web script or HTML by injecting a specially...
CVE-2020-27163
phpRedisAdmin before 1.13.2 allows XSS via the login.php username parameter...
Teltonika RUT9XX Router Arbitrary Command Execution Vulnerability
Teltonika RUT9XX routers, also known as LuCI, are a router product from the Lithuanian company Teltonika. A security vulnerability exists in the administration interface of Teltonika RUT9XX routers with firmware version 00.03.265 and earlier. The vulnerability can be exploited by a remote attacker t...
SQL injection
Multiple SQL injection vulnerabilities in BrowserCRM 5.100.01 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) loginusername parameter to index.php, (2) parentid parameter to modules/Documents/versionlist.php, or (3) contactid parameter to modules/Documents/index.php...
CVE-2008-0783
Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote attackers to inject arbitrary web script or HTML via (1) the viewtype parameter to graph.php; (2) the filter parameter to graphview.php; (3) the action parameter to the drawnavigationtext...