VYPR

Leave Management System

by Itsourcecode

CVEs (14)

  • CVE-2025-11432HigOct 8, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in itsourcecode Leave Management System 1.0. This affects an unknown function of the file /reset.php. Such manipulation of the argument employid leads to sql injection. The attack may be performed from remote. The exploit is publicly available and…

  • CVE-2025-11433LowOct 8, 2025
    risk 0.23cvss 3.5epss 0.00

    A security flaw has been discovered in itsourcecode Leave Management System 1.0. This impacts the function redirect of the file /module/employee/controller.php?action=reset of the component Query Parameter Handler. Performing a manipulation of the argument ID results in cross…

  • CVE-2025-3245Apr 4, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in itsourcecode Library Management System 1.0. It has been rated as critical. Affected by this issue is the function Search of the file library_management/src/Library_Management/Forgot.java. The manipulation of the argument txtuname leads to sql…

  • CVE-2024-48415Oct 22, 2024
    risk 0.00cvss epss 0.00

    itsourcecode Loan Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via a crafted payload to the lastname, firstname, middlename, address, contact_no, email and tax_id parameters in new borrowers functionality on the Borrowers page.

  • CVE-2024-6192Jun 20, 2024
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical was found in itsourcecode Loan Management System 1.0. This vulnerability affects unknown code of the file login.php of the component Login Page. The manipulation of the argument username leads to sql injection. The attack can be initiated…

  • CVE-2024-5588Jun 2, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in itsourcecode Learning Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file processscore.php. The manipulation of the argument LessonID leads to sql injection. The attack can…

  • CVE-2023-48205Dec 7, 2023
    risk 0.00cvss epss 0.01

    Jorani Leave Management System 1.0.2 allows a remote attacker to spoof a Host header associated with password reset emails.

  • CVE-2023-45540Oct 16, 2023
    risk 0.00cvss epss 0.01

    An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary HTML code via a crafted script to the comment field of the List of Leave requests page.

  • CVE-2022-47866Jan 11, 2023
    risk 0.00cvss epss 0.01

    Lead management system v1.0 is vulnerable to SQL Injection via the id parameter in removeBrand.php.

  • CVE-2022-47861Jan 11, 2023
    risk 0.00cvss epss 0.01

    Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeLead.php.

  • CVE-2022-47864Jan 11, 2023
    risk 0.00cvss epss 0.01

    Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeCategories.php.

  • CVE-2022-47862Jan 11, 2023
    risk 0.00cvss epss 0.01

    Lead Management System v1.0 is vulnerable to SQL Injection via the customer_id parameter in ajax_represent.php.

  • CVE-2022-47860Jan 11, 2023
    risk 0.00cvss epss 0.01

    Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeProduct.php.

  • CVE-2022-4855Dec 30, 2022
    risk 0.00cvss epss 0.26

    A vulnerability, which was classified as critical, was found in SourceCodester Lead Management System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The…