
12 matches found

EUVD
added 2025/11/23 6:30 p.m., 3 views

EUVD-2025-198577

A vulnerability was found in SourceCodester Company Website CMS 1.0. This affects an unknown part of the file /admin/reset-password.php. The manipulation of the argument email results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used...

CVSS 7.5, AI score 6.6, EPSS 0.0003
Exploits: 1, References: 6

CNVD
added 2025/11/20 12:00 a.m., 2 views

Complaint Management System reset-password.php File SQL Injection Vulnerability

Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the email and mobileno parameters of reset-password.php. An attacker can exploit this...

CVSS 6.5, AI score 8.3, EPSS 0.00037
Exploits: 1, References: 1

Cvelist
added 2025/11/18 12:00 a.m., 5 views

CVE-2025-54321

In Ascertia SigningHub through 8.6.8, there is a lack of rate limiting on the reset password function, leading to an email bombing vulnerability. An authenticated attacker can exploit this by automating reset password requests...

EPSS 0.00027
Exploits: 0, References: 2

CNNVD
added 2025/11/17 12:00 a.m., 1 view

PHPGurukul Complaint Management System Security Vulnerability

Complaint Management System is a complaint management system. Complaint Management System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the email and mobileno parameters of reset-password.php. An attacker can exploit this...

CVSS 6.5, AI score 8.2, EPSS 0.00037
Exploits: 1, References: 3

CNVD
added 2025/10/13 12:00 a.m., 2 views

AndSoft e-TMS Cross-Site Scripting Vulnerability (CNVD-2025-23567)

AndSoft e-TMS is a logistics management software from AndSoft Spain. A cross-site scripting vulnerability exists in AndSoft e-TMS, which stems from the lack of effective filtering and escaping of user-supplied data in the parameter l of /clt/resetPassword.asp, which can be exploited by an attacke...

CVSS 6.9, AI score 6.5, EPSS 0.00027
Exploits: 0, References: 1

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2021-13616

Malware in sbrugna...

CVSS 6.1, AI score 6.3, EPSS 0.0021
Exploits: 0, References: 2

RedhatCVE
added 2025/05/22 11:31 p.m., 5 views

CVE-2022-1597

The WPQA Builder WordPress plugin before 5.4, used as a companion for the Discy and Himer, does not sanitise and escape a parameter on its reset password form which makes it possible to perform Reflected Cross-Site Scripting attacks...

CVSS 6.1, AI score 6.2, EPSS 0.2353
Exploits: 2, References: 1

RedhatCVE
added 2025/05/22 9:19 p.m., 5 views

CVE-2021-32731

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Between and including versions 13.1RC1 and 13.1, the reset password form reveals the email address of users just by giving their username. The problem has been patched on XWiki 13.2RC1. As a...

CVSS 5.3, AI score 6.9, EPSS 0.00087
Exploits: 0, References: 1

RedhatCVE
added 2025/05/09 2:19 a.m., 5 views

CVE-2025-3924

The PeproDev Ultimate Profile Solutions plugin for WordPress is vulnerable to unauthorized access of data via its publicly exposed reset-password endpoint. The plugin looks up the 'validemail' value based solely on a supplied username parameter, without verifying that the requester is associated...

CVSS 5.3, AI score 7, EPSS 0.00297
Exploits: 0, References: 1

CNVD
added 2020/04/22 12:00 a.m., 1 view

Evenroute IQrouter has an unspecified vulnerability (CNVD-2020-25368)

Evenroute IQrouter is a smart router from Evenroute USA. A security vulnerability exists in the 'resetpassword' function in the web panel in Evenroute IQrouter 3.3.1 and earlier versions. A remote attacker can exploit this vulnerability to arbitrarily change the password of the root account...

CVSS 9.8, AI score 7.1, EPSS 0.00811
Exploits: 3, References: 1

Packet Storm
added 2012/01/24 12:00 a.m., 20 views

Yuku Forums Cross Site Scripting

Exploit Title: Yuku Forums Cross Site Scripting Date: 24.01.2012 Author: Sony Software Link: http://www.yuku.com/ Google Dorks: inurl:.yuku.com intext:forum Web Browser : Mozilla Firefox Blog : http://st2tea.blogspot.com PoC: http://st2tea.blogspot.com/2012/01/yuku-forums-cross-site-scripting.htm...

AI score 7.4
Exploits: 0

Prion
added 2011/02/17 6:00 p.m., 13 views

Default credentials

ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, by providing a user id to accounts/ValidateUser, and then providing a new password to accounts/ResetResult...

CVSS 5, AI score 7.5, EPSS 0.00627
Exploits: 2, References: 8, Affected Software: 1