CVE-2026-33296 AVideo has an Open Redirect via Unvalidated redirectUri in userLogin.php

WWBN AVideo is an open source video platform. Prior to version 26.0, WWBN/AVideo contains an open redirect vulnerability in the login flow where a user-supplied redirectUri parameter is reflected directly into a JavaScript document.location assignment without JavaScript-safe encoding. After a use...

Crime Reporting System userlogin.php File SQL Injection Vulnerability

Crime Reporting System is a crime reporting system. Crime Reporting System suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter email in the file /userlogin.php. An attacker can exploit this vulnerability to...

CVE-2025-7608 code-projects Simple Shopping Cart userlogin.php sql injection

A vulnerability, which was classified as critical, was found in code-projects Simple Shopping Cart 1.0. Affected is an unknown function of the file /userlogin.php. The manipulation of the argument useremail leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2025-7608 code-projects Simple Shopping Cart userlogin.php sql injection

A vulnerability, which was classified as critical, was found in code-projects Simple Shopping Cart 1.0. Affected is an unknown function of the file /userlogin.php. The manipulation of the argument useremail leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2025-7608

CVE-2025-7608 affects code-projects Simple Shopping Cart 1.0. The vulnerability is in an unknown function of the file /userlogin.php , where manipulation of the parameter user_email leads to a SQL injection . It can be exploited remotely and the exploit has been disclosed publicly. Multiple sourc...

CVE-2025-7168 code-projects Crime Reporting System userlogin.php sql injection

A vulnerability was found in code-projects Crime Reporting System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /userlogin.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been...

CVE-2025-7168 code-projects Crime Reporting System userlogin.php sql injection

A vulnerability was found in code-projects Crime Reporting System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /userlogin.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in osDate 2.1.9 and 2.5.4, when magicquotesgpc is disabled and registerglobals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the configforuminstalled parameter to 1 forum/adminLogin.php and 2 forum/userLogin.php...

CVE-2010-1053

Multiple SQL injection vulnerabilities in Zen Time Tracking 2.2 and earlier, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 username and 2 password parameters to a userlogin.php and b managerlogin.php. NOTE: some of these details are obtained...

Sql injection

Multiple SQL injection vulnerabilities in Zen Time Tracking 2.2 and earlier, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 username and 2 password parameters to a userlogin.php and b managerlogin.php. NOTE: some of these details are obtained...

Zen Tracking 2.2 - Authentication Bypass

Zen Tracking 2.2 - Authentication Bypass + Zen Tracking + Download : http://scripts.ringsworld.com/calendars/zentimetracking/ + Vuln Code : userlogin.php if !empty$POST'password' $username =$POST'username'; $password =$POST'password'; dbConnect; $result1 = mysqlquery"select from ".$tbluser." wher...

Scout Portal Toolkit 1.3.1 - SPT-UserLogin.php SQL Injection

Scout Portal Toolkit 1.3.1 - SPT-UserLogin.php SQL Injection source: https://www.securityfocus.com/bid/15818/info Scout Portal Toolkit is prone to multiple input-validation vulnerabilities because the application fails to properly sanitize user-supplied input. A successful exploit could allow an...