CVE-2026-39366 WWBN AVideo Affected by a PayPal IPN Replay Attack Enabling Wallet Balance Inflation via Missing Transaction Deduplication in ipn.php

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the PayPal IPN v1 handler at plugin/PayPalYPT/ipn.php lacks transaction deduplication, allowing an attacker to replay a single legitimate IPN notification to repeatedly inflate their wallet balance and renew subscriptions...

CVE-2022-27991

Online Banking System in PHP v1 was discovered to contain multiple SQL injection vulnerabilities at /stafflogin.php via the Staff ID and Staff Password parameters...

CVE-2021-35284

SQL Injection vulnerability in function getuser in loginmanager.php in rizalafani cms-php v1...

Sql injection

SQL Injection vulnerability in function getuser in loginmanager.php in rizalafani cms-php v1...

CVE-2021-35284

SQL Injection vulnerability in function getuser in loginmanager.php in rizalafani cms-php v1...

CVE-2021-35284

CVE-2021-35284 affects rizalafani cms-php v1, with a SQL Injection vulnerability in the get_user function (login_manager.php). The issue is described across multiple sources as SQL injection in the get_user routine, consistent with a high-severity CVSS3.1 impact (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A...

CVE-2022-27991

Online Banking System in PHP v1 was discovered to contain multiple SQL injection vulnerabilities at /stafflogin.php via the Staff ID and Staff Password parameters...