5 matches found
CVE-2025-11476
A vulnerability was identified in SourceCodester Simple E-Commerce Bookstore 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument loginusername leads to SQL injection. The attack may be initiated remotely. The exploit is publicly available and might be used...
CVE-2011-4824
SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h allows remote attackers to execute arbitrary SQL commands via the login_username parameter...
CVE-2009-4406
Cross-site scripting (XSS) vulnerability in Forms/login1 in American Power Conversion (APC) Switched Rack PDU AP7932 B2, running rpdu 3.3.3 or 3.7.0 on AOS 3.3.4, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the loginusername parameter...
CVE-2008-0785
Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allow remote authenticated users to execute arbitrary SQL commands via the (1) graph_list parameter to graph_view.php, (2) leaf_id and id parameters to tree.php, (3) local_graph_id parameter to graph_xport.php, and (4)...
Cacti index.php/sql.php Login Action login_username Parameter SQL Injection
The remote host is running Cacti, a web-based front-end to RRDTool for network graphing. The version of Cacti installed on the remote host fails to sanitize user input to the 'login_username' parameter before using it in the 'auth_login.php' script to perform database queries. Regardless of PHP's...