5 matches found
CVE-2025-9977
Value provided in one of POST parameters sent during the process of logging in to Times Software E-Payroll is not sanitized properly, which allows an unauthenticated attacker to perform DoS attacks. SQL injection attacks might also be feasible, although so far creating a working exploit has been...
PHPGurukul Online Banquet Booking System 代码注入漏洞
Online Banquet Booking System is an online banquet booking system. A cross-site scripting vulnerability exists in Online Banquet Booking System, which originates from the userlogin/userpassword parameters not being effectively filtered in the /admin/login.php file. The vulnerability can be...
CVE-2022-1089
The Bulk Edit and Create User Profiles WordPress plugin before 1.5.14 does not sanitise and escape the Users Login, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2021-44088
An SQL Injection vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows a remote attacker to bypass authentication via unsanitized login parameters...
Sql injection
An SQL Injection vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows a remote attacker to bypass authentication via unsanitized login parameters...