CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNNVD•added 2026/02/20 12:0 a.m.•4 views

thesystem 操作系统命令注入漏洞

thesystem is a password management project developed by Kostas Mitroglou. Version 1.0 of thesystem contains a vulnerability related to operating system command injection. This vulnerability stems from the runcommand endpoint, which allows for command injection, potentially enabling unverified...

9.8CVSS6.1AI score0.0621EPSS

NVD•added 2026/02/12 8:16 p.m.•3 views

CVE-2019-25346

TheSystem 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the 'servername' parameter. Attackers can inject malicious SQL code like ' or '1=1 to retrieve unauthorized database records and potentially access sensitive system information...

7.5CVSS0.00211EPSS

OSV•added 2026/02/12 8:16 p.m.•1 views

CVE-2019-25347

thesystem App 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating the username parameter. Attackers can inject malicious SQL code like ' or '1=1 to the username field to gain unauthorized access to user accounts...

7.5CVSS5.9AI score0.00211EPSS

CVE•added 2026/02/12 7:2 p.m.•5 views

CVE-2019-25347

CVE-2019-25347 affects the System: thesystem App 1.0. The vulnerability is a SQL injection in the username parameter that allows bypassing authentication and gaining unauthorized access to user accounts. The issue is exploitable remotely (network), with low attack complexity and no privileges req...

7.5CVSS5.9AI score0.00211EPSS

Exploits1References3Affected Software1

CVE•added 2026/02/12 7:2 p.m.•6 views

CVE-2019-25346

CVE-2019-25346 pertains to TheSystem 1.0, with a SQL injection in the server_name parameter that enables authentication bypass. The vulnerability allows an attacker to inject SQL like ' or '1=1' to retrieve unauthorized database records and potentially access sensitive system information. Multipl...

7.5CVSS5.9AI score0.00211EPSS

Exploits1References3Affected Software1

Cvelist•added 2026/02/12 7:2 p.m.•25 views

CVE-2019-25346 thesystem 1.0 - 'server_name' SQL Injection

7.5CVSS0.00211EPSS

Vulnrichment•added 2026/02/12 7:2 p.m.•1 views

CVE-2019-25346 thesystem 1.0 - 'server_name' SQL Injection

7.5CVSS6AI score0.00211EPSS

CNNVD•added 2026/02/12 12:0 a.m.•3 views

thesystem SQL注入漏洞

thesystem is a password management project developed by Kostas Mitroglou. Version 1.0 of thesystem has a SQL injection vulnerability, which stems from improper handling of the username parameter, potentially leading to SQL injection attacks...

7.5CVSS5.8AI score0.00211EPSS

Positive Technologies•added 2026/02/12 12:0 a.m.•3 views

PT-2026-7883

7.1CVSS5.9AI score0.00211EPSS

CNNVD•added 2026/02/12 12:0 a.m.•2 views

thesystem SQL注入漏洞

TheSystem is a password management project developed by Kostas Mitroglou. Version 1.0 of thetheSystem has a SQL injection vulnerability, which stems from improper handling of the parameter servername, potentially leading to SQL injection attacks...

7.5CVSS5.8AI score0.00211EPSS

ATTACKERKB•added 2026/02/11 2:56 p.m.•2 views

CVE-2019-25311

thesystem version 1.0 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple server data input fields. Attackers can submit crafted script payloads in operatingsystem, systemowner, systemusername, systempassword,...

6.4CVSS5.5AI score0.00035EPSS

Exploits1References3Affected Software1

Cvelist•added 2026/02/11 2:56 p.m.•26 views

CVE-2019-25311 thesystem Persistent XSS

6.4CVSS0.00035EPSS

CNNVD•added 2026/02/11 12:0 a.m.•2 views

thesystem 跨站脚本漏洞

thesystem is a password management project developed by Kostas Mitroglou. Version 1.0 of thesystem has a cross-site scripting vulnerability. This vulnerability stems from stored-xss scripts, which can allow malicious scripts to be injected through multiple server data input fields, enabling...

6.4CVSS5.8AI score0.00035EPSS

exploitpack•added 2019/09/30 12:0 a.m.•13 views

thesystem 1.0 - Cross-Site Scripting

thesystem 1.0 - Cross-Site Scripting Exploit Title: thesystem Persistent XSS Author: Anıl Baran Yelken Discovery Date: 2019-09-28 Vendor Homepage: https://github.com/kostasmitroglou/thesystem Software Link: https://github.com/kostasmitroglou/thesystem Tested Version: 1.0 Tested on OS: Windows 10...

6.8AI score

Packet Storm•added 2019/09/29 12:0 a.m.•147 views

thesystem 1.0 Command Injection

Exploit Title: thesystem Command Injection Author: Sadik Cetin Discovery Date: 2019-09-28 Vendor Homepage: https://github.com/kostasmitroglou/thesystem | https://github.com/kostasmitroglou/thesystem Software Link: https://github.com/kostasmitroglou/thesystem |...

Exploit DB•added 2019/09/27 12:0 a.m.•396 views

thesystem App 1.0 - 'server_name' SQL Injection

Exploit Title: thesystem 1.0 - 'servername' SQL Injection Author: Sadik Cetin Discovery Date: 2019-09-26 Vendor Homepage: https://github.com/kostasmitroglou/thesystem Software Link: https://github.com/kostasmitroglou/thesystem Tested Version: 1.0 Tested on OS: Windows 10 CVE: N/A Description:...

exploitpack•added 2019/09/27 12:0 a.m.•10 views

thesystem App 1.0 - username SQL Injection

thesystem App 1.0 - username SQL Injection Exploit Title: thesystem App 1.0 - 'username' SQL Injection Author: Anıl Baran Yelken Discovery Date: 2019-09-26 Vendor Homepage: https://github.com/kostasmitroglou/thesystem Software Link: https://github.com/kostasmitroglou/thesystem Tested Version: 1.0...

8.7AI score

Exploit DB•added 2019/09/27 12:0 a.m.•1619 views

thesystem App 1.0 - 'username' SQL Injection

Exploit Title: thesystem App 1.0 - 'username' SQL Injection Author: Anıl Baran Yelken Discovery Date: 2019-09-26 Vendor Homepage: https://github.com/kostasmitroglou/thesystem Software Link: https://github.com/kostasmitroglou/thesystem Tested Version: 1.0 Tested on OS: Windows 10 CVE: N/A...

Packet Storm•added 2019/09/27 12:0 a.m.•189 views

thesystem App 1.0 SQL Injection