Vendor CVEs
Carmelo
All CVEs
165 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-0728 | Med | 0.31 | 4.7 | 0.00 | Jan 8, 2026 | A security vulnerability has been detected in code-projects Intern Membership Management System 1.0. This issue affects some unknown processing of the file /intern/admin/delete_admin.php. Such manipulation of the argument admin_id leads to sql injection. The attack may be… | ||
| CVE-2026-0701 | Med | 0.31 | 4.7 | 0.00 | Jan 8, 2026 | A vulnerability was identified in code-projects Intern Membership Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /intern/admin/add_admin.php. The manipulation of the argument Username leads to sql injection. The attack is possible… | ||
| CVE-2026-0699 | Med | 0.31 | 4.7 | 0.00 | Jan 8, 2026 | A vulnerability was found in code-projects Intern Membership Management System 1.0. This impacts an unknown function of the file /intern/admin/edit_activity.php. Performing a manipulation of the argument activity_id results in sql injection. Remote exploitation of the attack is… | ||
| CVE-2026-0698 | Med | 0.31 | 4.7 | 0.00 | Jan 8, 2026 | A vulnerability has been found in code-projects Intern Membership Management System 1.0. This affects an unknown function of the file /intern/admin/edit_students.php. Such manipulation of the argument admin_id leads to sql injection. The attack may be launched remotely. The… | ||
| CVE-2026-0697 | Med | 0.31 | 4.7 | 0.00 | Jan 8, 2026 | A flaw has been found in code-projects Intern Membership Management System 1.0. The impacted element is an unknown function of the file /intern/admin/edit_admin.php. This manipulation of the argument admin_id causes sql injection. The attack may be initiated remotely. The… | ||
| CVE-2025-14642 | Med | 0.31 | 4.7 | 0.00 | Dec 14, 2025 | A vulnerability has been found in code-projects Computer Laboratory System 1.0. Impacted is an unknown function of the file technical_staff_pic.php. Such manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been… | ||
| CVE-2025-14641 | Med | 0.31 | 4.7 | 0.00 | Dec 14, 2025 | A flaw has been found in code-projects Computer Laboratory System 1.0. This issue affects some unknown processing of the file admin/admin_pic.php. This manipulation of the argument image causes unrestricted upload. The attack may be initiated remotely. The exploit has been… | ||
| CVE-2025-13302 | Med | 0.31 | 4.7 | 0.00 | Nov 17, 2025 | A vulnerability was identified in code-projects Courier Management System 1.0. This affects an unknown part of the file /add-new-officer.php. Such manipulation of the argument ManagerName leads to sql injection. The attack can be launched remotely. The exploit is publicly… | ||
| CVE-2023-7096 | Med | 0.31 | 4.7 | 0.01 | Dec 25, 2023 | A flaw has been found in code-projects Faculty Management System 1.0. The affected element is an unknown function of the file /admin/php/crud.php. This manipulation of the argument fieldname/tablename causes sql injection. The attack is possible to be carried out remotely. The… | ||
| CVE-2026-5847 | Med | 0.28 | 4.3 | 0.00 | Apr 9, 2026 | A vulnerability has been found in code-projects Movie Ticketing System 1.0. Impacted is an unknown function of the file /db/moviedb.sql of the component SQL Database Backup File Handler. Such manipulation leads to information disclosure. The attack can be launched remotely. The… | ||
| CVE-2026-3763 | Med | 0.28 | 4.3 | 0.00 | Mar 8, 2026 | A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. The affected element is an unknown function of the file showhistory.php. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made… | ||
| CVE-2025-14962 | Med | 0.28 | 4.3 | 0.00 | Dec 19, 2025 | A flaw has been found in code-projects Simple Stock System 1.0. The impacted element is an unknown function of the file /market/chatuser.php. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may… | ||
| CVE-2025-14531 | Med | 0.28 | 4.3 | 0.00 | Dec 11, 2025 | A vulnerability was found in code-projects Rental Management System 2.0. This affects an unknown function of the file Transaction.java of the component Log Handler. Performing manipulation results in crlf injection. The attack can be initiated remotely. The exploit has been made… | ||
| CVE-2025-8340 | Med | 0.28 | 4.3 | 0.00 | Jul 31, 2025 | A vulnerability was found in code-projects Intern Membership Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file fill_details.php of the component Error Message Handler. The manipulation of the argument email leads to… | ||
| CVE-2025-5732 | Med | 0.28 | 4.3 | 0.00 | Jun 6, 2025 | A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been… | ||
| CVE-2025-14194 | Low | 0.23 | 3.5 | 0.00 | Dec 7, 2025 | A vulnerability was identified in code-projects Employee Profile Management System 1.0. This issue affects some unknown processing of the file /view_personnel.php. The manipulation of the argument per_address/dr_school/other_school leads to cross site scripting. The attack may… | ||
| CVE-2025-9845 | Low | 0.23 | 3.5 | 0.00 | Sep 3, 2025 | A vulnerability has been found in code-projects Fruit Shop Management System 1.0. Affected by this vulnerability is an unknown functionality of the file products.php. Such manipulation of the argument product_code/gen_name/product_name/supplier leads to cross site scripting. It… | ||
| CVE-2025-8167 | Low | 0.23 | 3.5 | 0.00 | Jul 25, 2025 | A vulnerability was found in code-projects Church Donation System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/edit_members.php. The manipulation of the argument fname leads to cross site scripting. The… | ||
| CVE-2025-5757 | Low | 0.23 | 3.5 | 0.00 | Jun 6, 2025 | A vulnerability was found in code-projects Traffic Offense Reporting System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /save-reported.php. The manipulation of the argument offence_id/vehicle_no/driver_license/name/addre… | ||
| CVE-2023-0902 | 0.03 | — | 0.03 | Feb 18, 2023 | A vulnerability was found in SourceCodester Simple Food Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file process_order.php. The manipulation of the argument order leads to cross site scripting. It is possible to initiate the… | |||
| CVE-2021-46005 | 0.01 | — | 0.03 | Jan 18, 2022 | Sourcecodester Car Rental Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via vehicalorcview parameter. | |||
| CVE-2020-27956 | 0.01 | — | 0.05 | Oct 28, 2020 | An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management System 1.0 allows the user to conduct remote code execution via admin/index.php?page=manage_car because .php files can be uploaded to admin/assets/uploads/ (under the web root). | |||
| CVE-2026-2158 | 0.00 | — | 0.00 | Feb 8, 2026 | A vulnerability was detected in code-projects Student Web Portal 1.0. This impacts an unknown function of the file /check_user.php. Performing a manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. | |||
| CVE-2025-69559 | 0.00 | — | 0.01 | Jan 27, 2026 | code-projects Computer Book Store 1.0 is vulnerable to File Upload in admin_add.php. | |||
| CVE-2025-60307 | 0.00 | — | 0.00 | Oct 10, 2025 | code-projects Computer Laboratory System 1.0 has a SQL injection vulnerability, where entering a universal password in the Password field on the login page can bypass login attempts. | |||
| CVE-2025-56295 | 0.00 | — | 0.00 | Sep 16, 2025 | code-projects Computer Laboratory System 1.0 has a file upload vulnerability. Staff can upload malicious files by uploading PHP backdoor files when modifying personal avatar information and use web shell connection tools to obtain server permissions. | |||
| CVE-2025-5661 | 0.00 | — | 0.00 | Jun 5, 2025 | A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part of the file /save-settings.php of the component Setting Handler. The manipulation of the argument site_name leads to cross site… | |||
| CVE-2025-5651 | 0.00 | — | 0.00 | Jun 5, 2025 | A vulnerability, which was classified as problematic, has been found in code-projects Traffic Offense Reporting System 1.0. This issue affects some unknown processing of the file saveuser.php. The manipulation of the argument user_id/username/email/name/position leads to cross… | |||
| CVE-2024-10733 | 0.00 | — | 0.01 | Nov 3, 2024 | A vulnerability was found in code-projects Restaurant Order System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument uid leads to sql injection. The attack may be launched remotely. The… | |||
| CVE-2024-48579 | 0.00 | — | 0.01 | Oct 25, 2024 | SQL Injection vulnerability in Best House rental management system project in php v.1.0 allows a remote attacker to execute arbitrary code via the username parameter of the login request. | |||
| CVE-2024-46374 | 0.00 | — | 0.00 | Sep 18, 2024 | Best House Rental Management System 1.0 contains a SQL injection vulnerability in the delete_category() function of the file rental/admin_class.php. | |||
| CVE-2024-46375 | 0.00 | — | 0.01 | Sep 18, 2024 | Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the signup() function of the file rental/admin_class.php. | |||
| CVE-2024-4945 | 0.00 | — | 0.01 | May 16, 2024 | A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file view_parcel.php. The manipulation of the argument id leads to unrestricted upload. It is possible to launch the… | |||
| CVE-2024-28279 | 0.00 | — | 0.00 | May 13, 2024 | Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via book.php?bookisbn=. | |||
| CVE-2024-24096 | 0.00 | — | 0.00 | Feb 27, 2024 | Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via BookSBIN. | |||
| CVE-2024-24100 | 0.00 | — | 0.01 | Feb 27, 2024 | Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via PublisherID. | |||
| CVE-2024-24095 | 0.00 | — | 0.01 | Feb 27, 2024 | Code-projects Simple Stock System 1.0 is vulnerable to SQL Injection. | |||
| CVE-2024-0460 | 0.00 | — | 0.01 | Jan 12, 2024 | A vulnerability was found in code-projects Faculty Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/pages/student-print.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit… | |||
| CVE-2023-7132 | 0.00 | — | 0.01 | Dec 28, 2023 | A vulnerability was found in code-projects Intern Membership Management System 2.0. It has been classified as problematic. This affects an unknown part of the file /user_registration/ of the component User Registration. The manipulation of the argument… | |||
| CVE-2023-7131 | 0.00 | — | 0.01 | Dec 28, 2023 | A vulnerability was found in code-projects Intern Membership Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /user_registration/ of the component User Registration. The manipulation of the argument userName leads… | |||
| CVE-2023-7057 | 0.00 | — | 0.01 | Dec 22, 2023 | A vulnerability, which was classified as problematic, has been found in code-projects Faculty Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/pages/yearlevel.php. The manipulation of the argument Year Level/Section leads to cross… | |||
| CVE-2023-7056 | 0.00 | — | 0.00 | Dec 22, 2023 | A vulnerability classified as problematic was found in code-projects Faculty Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/pages/subjects.php. The manipulation of the argument Description/Units leads to cross site scripting.… | |||
| CVE-2023-6898 | 0.00 | — | 0.01 | Dec 17, 2023 | A vulnerability classified as critical has been found in SourceCodester Best Courier Management System 1.0. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and… | |||
| CVE-2023-48823 | 0.00 | — | 0.01 | Dec 7, 2023 | A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login. | |||
| CVE-2023-6301 | 0.00 | — | 0.01 | Nov 26, 2023 | A vulnerability has been found in SourceCodester Best Courier Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file parcel_list.php of the component GET Parameter Handler. The manipulation of the argument id… | |||
| CVE-2023-46004 | 0.00 | — | 0.01 | Oct 18, 2023 | Sourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the update_user function. | |||
| CVE-2023-46007 | 0.00 | — | 0.01 | Oct 18, 2023 | Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_staff.php. | |||
| CVE-2023-46006 | 0.00 | — | 0.01 | Oct 18, 2023 | Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_user.php. | |||
| CVE-2023-46005 | 0.00 | — | 0.01 | Oct 18, 2023 | Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_branch.php. | |||
| CVE-2023-5273 | 0.00 | — | 0.01 | Sep 29, 2023 | A vulnerability classified as problematic was found in SourceCodester Best Courier Management System 1.0. This vulnerability affects unknown code of the file manage_parcel_status.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated… |
- risk 0.31cvss 4.7epss 0.00
A security vulnerability has been detected in code-projects Intern Membership Management System 1.0. This issue affects some unknown processing of the file /intern/admin/delete_admin.php. Such manipulation of the argument admin_id leads to sql injection. The attack may be…
- risk 0.31cvss 4.7epss 0.00
A vulnerability was identified in code-projects Intern Membership Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /intern/admin/add_admin.php. The manipulation of the argument Username leads to sql injection. The attack is possible…
- risk 0.31cvss 4.7epss 0.00
A vulnerability was found in code-projects Intern Membership Management System 1.0. This impacts an unknown function of the file /intern/admin/edit_activity.php. Performing a manipulation of the argument activity_id results in sql injection. Remote exploitation of the attack is…
- risk 0.31cvss 4.7epss 0.00
A vulnerability has been found in code-projects Intern Membership Management System 1.0. This affects an unknown function of the file /intern/admin/edit_students.php. Such manipulation of the argument admin_id leads to sql injection. The attack may be launched remotely. The…
- risk 0.31cvss 4.7epss 0.00
A flaw has been found in code-projects Intern Membership Management System 1.0. The impacted element is an unknown function of the file /intern/admin/edit_admin.php. This manipulation of the argument admin_id causes sql injection. The attack may be initiated remotely. The…
- risk 0.31cvss 4.7epss 0.00
A vulnerability has been found in code-projects Computer Laboratory System 1.0. Impacted is an unknown function of the file technical_staff_pic.php. Such manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been…
- risk 0.31cvss 4.7epss 0.00
A flaw has been found in code-projects Computer Laboratory System 1.0. This issue affects some unknown processing of the file admin/admin_pic.php. This manipulation of the argument image causes unrestricted upload. The attack may be initiated remotely. The exploit has been…
- risk 0.31cvss 4.7epss 0.00
A vulnerability was identified in code-projects Courier Management System 1.0. This affects an unknown part of the file /add-new-officer.php. Such manipulation of the argument ManagerName leads to sql injection. The attack can be launched remotely. The exploit is publicly…
- risk 0.31cvss 4.7epss 0.01
A flaw has been found in code-projects Faculty Management System 1.0. The affected element is an unknown function of the file /admin/php/crud.php. This manipulation of the argument fieldname/tablename causes sql injection. The attack is possible to be carried out remotely. The…
- risk 0.28cvss 4.3epss 0.00
A vulnerability has been found in code-projects Movie Ticketing System 1.0. Impacted is an unknown function of the file /db/moviedb.sql of the component SQL Database Backup File Handler. Such manipulation leads to information disclosure. The attack can be launched remotely. The…
- risk 0.28cvss 4.3epss 0.00
A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. The affected element is an unknown function of the file showhistory.php. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made…
- risk 0.28cvss 4.3epss 0.00
A flaw has been found in code-projects Simple Stock System 1.0. The impacted element is an unknown function of the file /market/chatuser.php. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may…
- risk 0.28cvss 4.3epss 0.00
A vulnerability was found in code-projects Rental Management System 2.0. This affects an unknown function of the file Transaction.java of the component Log Handler. Performing manipulation results in crlf injection. The attack can be initiated remotely. The exploit has been made…
- risk 0.28cvss 4.3epss 0.00
A vulnerability was found in code-projects Intern Membership Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file fill_details.php of the component Error Message Handler. The manipulation of the argument email leads to…
- risk 0.28cvss 4.3epss 0.00
A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been…
- risk 0.23cvss 3.5epss 0.00
A vulnerability was identified in code-projects Employee Profile Management System 1.0. This issue affects some unknown processing of the file /view_personnel.php. The manipulation of the argument per_address/dr_school/other_school leads to cross site scripting. The attack may…
- risk 0.23cvss 3.5epss 0.00
A vulnerability has been found in code-projects Fruit Shop Management System 1.0. Affected by this vulnerability is an unknown functionality of the file products.php. Such manipulation of the argument product_code/gen_name/product_name/supplier leads to cross site scripting. It…
- risk 0.23cvss 3.5epss 0.00
A vulnerability was found in code-projects Church Donation System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/edit_members.php. The manipulation of the argument fname leads to cross site scripting. The…
- risk 0.23cvss 3.5epss 0.00
A vulnerability was found in code-projects Traffic Offense Reporting System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /save-reported.php. The manipulation of the argument offence_id/vehicle_no/driver_license/name/addre…
- CVE-2023-0902Feb 18, 2023risk 0.03cvss —epss 0.03
A vulnerability was found in SourceCodester Simple Food Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file process_order.php. The manipulation of the argument order leads to cross site scripting. It is possible to initiate the…
- CVE-2021-46005Jan 18, 2022risk 0.01cvss —epss 0.03
Sourcecodester Car Rental Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via vehicalorcview parameter.
- CVE-2020-27956Oct 28, 2020risk 0.01cvss —epss 0.05
An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management System 1.0 allows the user to conduct remote code execution via admin/index.php?page=manage_car because .php files can be uploaded to admin/assets/uploads/ (under the web root).
- CVE-2026-2158Feb 8, 2026risk 0.00cvss —epss 0.00
A vulnerability was detected in code-projects Student Web Portal 1.0. This impacts an unknown function of the file /check_user.php. Performing a manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely.
- CVE-2025-69559Jan 27, 2026risk 0.00cvss —epss 0.01
code-projects Computer Book Store 1.0 is vulnerable to File Upload in admin_add.php.
- CVE-2025-60307Oct 10, 2025risk 0.00cvss —epss 0.00
code-projects Computer Laboratory System 1.0 has a SQL injection vulnerability, where entering a universal password in the Password field on the login page can bypass login attempts.
- CVE-2025-56295Sep 16, 2025risk 0.00cvss —epss 0.00
code-projects Computer Laboratory System 1.0 has a file upload vulnerability. Staff can upload malicious files by uploading PHP backdoor files when modifying personal avatar information and use web shell connection tools to obtain server permissions.
- CVE-2025-5661Jun 5, 2025risk 0.00cvss —epss 0.00
A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part of the file /save-settings.php of the component Setting Handler. The manipulation of the argument site_name leads to cross site…
- CVE-2025-5651Jun 5, 2025risk 0.00cvss —epss 0.00
A vulnerability, which was classified as problematic, has been found in code-projects Traffic Offense Reporting System 1.0. This issue affects some unknown processing of the file saveuser.php. The manipulation of the argument user_id/username/email/name/position leads to cross…
- CVE-2024-10733Nov 3, 2024risk 0.00cvss —epss 0.01
A vulnerability was found in code-projects Restaurant Order System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument uid leads to sql injection. The attack may be launched remotely. The…
- CVE-2024-48579Oct 25, 2024risk 0.00cvss —epss 0.01
SQL Injection vulnerability in Best House rental management system project in php v.1.0 allows a remote attacker to execute arbitrary code via the username parameter of the login request.
- CVE-2024-46374Sep 18, 2024risk 0.00cvss —epss 0.00
Best House Rental Management System 1.0 contains a SQL injection vulnerability in the delete_category() function of the file rental/admin_class.php.
- CVE-2024-46375Sep 18, 2024risk 0.00cvss —epss 0.01
Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the signup() function of the file rental/admin_class.php.
- CVE-2024-4945May 16, 2024risk 0.00cvss —epss 0.01
A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file view_parcel.php. The manipulation of the argument id leads to unrestricted upload. It is possible to launch the…
- CVE-2024-28279May 13, 2024risk 0.00cvss —epss 0.00
Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via book.php?bookisbn=.
- CVE-2024-24096Feb 27, 2024risk 0.00cvss —epss 0.00
Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via BookSBIN.
- CVE-2024-24100Feb 27, 2024risk 0.00cvss —epss 0.01
Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via PublisherID.
- CVE-2024-24095Feb 27, 2024risk 0.00cvss —epss 0.01
Code-projects Simple Stock System 1.0 is vulnerable to SQL Injection.
- CVE-2024-0460Jan 12, 2024risk 0.00cvss —epss 0.01
A vulnerability was found in code-projects Faculty Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/pages/student-print.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit…
- CVE-2023-7132Dec 28, 2023risk 0.00cvss —epss 0.01
A vulnerability was found in code-projects Intern Membership Management System 2.0. It has been classified as problematic. This affects an unknown part of the file /user_registration/ of the component User Registration. The manipulation of the argument…
- CVE-2023-7131Dec 28, 2023risk 0.00cvss —epss 0.01
A vulnerability was found in code-projects Intern Membership Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /user_registration/ of the component User Registration. The manipulation of the argument userName leads…
- CVE-2023-7057Dec 22, 2023risk 0.00cvss —epss 0.01
A vulnerability, which was classified as problematic, has been found in code-projects Faculty Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/pages/yearlevel.php. The manipulation of the argument Year Level/Section leads to cross…
- CVE-2023-7056Dec 22, 2023risk 0.00cvss —epss 0.00
A vulnerability classified as problematic was found in code-projects Faculty Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/pages/subjects.php. The manipulation of the argument Description/Units leads to cross site scripting.…
- CVE-2023-6898Dec 17, 2023risk 0.00cvss —epss 0.01
A vulnerability classified as critical has been found in SourceCodester Best Courier Management System 1.0. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and…
- CVE-2023-48823Dec 7, 2023risk 0.00cvss —epss 0.01
A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login.
- CVE-2023-6301Nov 26, 2023risk 0.00cvss —epss 0.01
A vulnerability has been found in SourceCodester Best Courier Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file parcel_list.php of the component GET Parameter Handler. The manipulation of the argument id…
- CVE-2023-46004Oct 18, 2023risk 0.00cvss —epss 0.01
Sourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the update_user function.
- CVE-2023-46007Oct 18, 2023risk 0.00cvss —epss 0.01
Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_staff.php.
- CVE-2023-46006Oct 18, 2023risk 0.00cvss —epss 0.01
Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_user.php.
- CVE-2023-46005Oct 18, 2023risk 0.00cvss —epss 0.01
Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_branch.php.
- CVE-2023-5273Sep 29, 2023risk 0.00cvss —epss 0.01
A vulnerability classified as problematic was found in SourceCodester Best Courier Management System 1.0. This vulnerability affects unknown code of the file manage_parcel_status.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated…
Page 3 of 4