76 matches found
Remote code execution
CMSUno version 1.7.2 is affected by a PHP code execution vulnerability. The sauvePass action in webroot/uno/central.php calls the file_put_contents function to write the username to password.php when a user successfully changes their password. The attacker can inject malicious PHP code into...
CVE-2021-40889
CMSUno version 1.7.2 is affected by a PHP code execution vulnerability. The sauvePass action in webroot/uno/central.php calls the file_put_contents function to write the username to password.php when a user successfully changes their password. The attacker can inject malicious PHP code into...
CVE-2020-22166
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\forgot-password.php. Remote unauthenticated users can exploit the vulnerability to obtain sensitive database information...
SQL injection
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\forgot-password.php. Remote unauthenticated users can exploit the vulnerability to obtain sensitive database information...
CVE-2020-22166
The CVE-2020-22166 entry concerns the PHPGurukul Hospital Management System (HMS) version 4.0, where a SQL injection exists in \hms\forgot-password.php. The vulnerability allows remote unauthenticated attackers to retrieve sensitive database information. Multiple connected sources confirm th...
CVE-2020-22166
PHPGurukul Hospital Management System in PHP v4.0 has a SQL injection vulnerability in \hms\forgot-password.php. Remote unauthenticated users can exploit the vulnerability to obtain sensitive database information...
CVE-2020-28874
The CVE-2020-28874 issue affects ProjectSend’s reset-password.php before r1295, where incorrect business logic allows password reset without a valid token. Root cause: user_data is derived from an uncleaned username (GET parameter) and then reused in POST flow, enabling an attacker to trick the s...
CVE-2012-4526
Piwigo has XSS in password.php (incomplete fix for CVE-2012-4525)...
CVE-2012-4525
Piwigo has XSS in password.php...
Design/Logic Flaw
Piwigo has XSS in password.php (incomplete fix for CVE-2012-4525)...
Default credentials
Piwigo has XSS in password.php...
CVE-2012-4526
Piwigo has XSS in password.php (incomplete fix for CVE-2012-4525)...
CVE-2012-4526
Piwigo has XSS in password.php (incomplete fix for CVE-2012-4525)...
CVE-2012-4526
Piwigo is affected by a cross-site scripting (XSS) vulnerability in password.php. This entry (CVE-2012-4526) indicates an incomplete fix for CVE-2012-4525, with XSS described in the same file and linked citations. The provided documents do not specify affected versions, exploit status, in-the-wil...
CVE-2012-4525
Piwigo has a Cross-Site Scripting (XSS) vulnerability in password.php (CVE-2012-4525). Multiple sources confirm the issue exists in Piwigo and some Red Hat/Ubuntu entries describe an incomplete fix for CVE-2012-4525, indicating remediation is not fully clear from the provided documents. The affec...
CVE-2012-4525
Piwigo has XSS in password.php...
Teameyo Project Management System 1.0 - SQL Injection Vulnerability
Exploit for PHP platform in category web applications. Exploit Title: Teameyo - Project Management System 1.0 - SQL Injection; Exploit Author: Ihsan Sencan; Vendor Homepage: https://www.teameyo.com/; Software Link: https://codecanyon.net/item/teameyo-project-management-system/23142804; Version: 1.0...
rz.uni-augsburg.de XSS vulnerability
Open Bug Bounty ID: OBB-670714; Affected Website: rz.uni-augsburg.de; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1...
microkeeper.com.au XSS vulnerability
Open Bug Bounty ID: OBB-664759; Affected Website: microkeeper.com.au; Vulnerable Application: Custom Code; Vulnerability Type: XSS Cross Site Scripting / CWE-79; CVSSv3 Score: 6.1...
CVE-2018-13067
/upload/catalog/controller/account/password.php in OpenCart through 3.0.2.0 has CSRF via the index.php?route=account/password URI to change a user's password...