Description
Multiple SQL injection vulnerabilities in login.php in Project Man 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by cr4wl3r · textwebappsphp
https://www.exploit-db.com/exploits/11584
References (2)
Core 2
Core References
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/11584
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/56580
Scores
EPSS
0.0028
EPSS Percentile
51.2%
Details
CWE
CWE-89
Status
published
Products (1)
http-solution/project_man
1.0
Published
Jun 02, 2010
Tracked Since
Feb 18, 2026