VYPR

Vendor CVEs

Carmelo

All CVEs

165 total · sorted by risk
  • CVE-2026-0728MedJan 8, 2026
    risk 0.31cvss 4.7epss 0.00

    A security vulnerability has been detected in code-projects Intern Membership Management System 1.0. This issue affects some unknown processing of the file /intern/admin/delete_admin.php. Such manipulation of the argument admin_id leads to sql injection. The attack may be…

  • CVE-2026-0701MedJan 8, 2026
    risk 0.31cvss 4.7epss 0.00

    A vulnerability was identified in code-projects Intern Membership Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /intern/admin/add_admin.php. The manipulation of the argument Username leads to sql injection. The attack is possible…

  • CVE-2026-0699MedJan 8, 2026
    risk 0.31cvss 4.7epss 0.00

    A vulnerability was found in code-projects Intern Membership Management System 1.0. This impacts an unknown function of the file /intern/admin/edit_activity.php. Performing a manipulation of the argument activity_id results in sql injection. Remote exploitation of the attack is…

  • CVE-2026-0698MedJan 8, 2026
    risk 0.31cvss 4.7epss 0.00

    A vulnerability has been found in code-projects Intern Membership Management System 1.0. This affects an unknown function of the file /intern/admin/edit_students.php. Such manipulation of the argument admin_id leads to sql injection. The attack may be launched remotely. The…

  • CVE-2026-0697MedJan 8, 2026
    risk 0.31cvss 4.7epss 0.00

    A flaw has been found in code-projects Intern Membership Management System 1.0. The impacted element is an unknown function of the file /intern/admin/edit_admin.php. This manipulation of the argument admin_id causes sql injection. The attack may be initiated remotely. The…

  • CVE-2025-14642MedDec 14, 2025
    risk 0.31cvss 4.7epss 0.00

    A vulnerability has been found in code-projects Computer Laboratory System 1.0. Impacted is an unknown function of the file technical_staff_pic.php. Such manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been…

  • CVE-2025-14641MedDec 14, 2025
    risk 0.31cvss 4.7epss 0.00

    A flaw has been found in code-projects Computer Laboratory System 1.0. This issue affects some unknown processing of the file admin/admin_pic.php. This manipulation of the argument image causes unrestricted upload. The attack may be initiated remotely. The exploit has been…

  • CVE-2025-13302MedNov 17, 2025
    risk 0.31cvss 4.7epss 0.00

    A vulnerability was identified in code-projects Courier Management System 1.0. This affects an unknown part of the file /add-new-officer.php. Such manipulation of the argument ManagerName leads to sql injection. The attack can be launched remotely. The exploit is publicly…

  • CVE-2023-7096MedDec 25, 2023
    risk 0.31cvss 4.7epss 0.01

    A flaw has been found in code-projects Faculty Management System 1.0. The affected element is an unknown function of the file /admin/php/crud.php. This manipulation of the argument fieldname/tablename causes sql injection. The attack is possible to be carried out remotely. The…

  • CVE-2026-5847MedApr 9, 2026
    risk 0.28cvss 4.3epss 0.00

    A vulnerability has been found in code-projects Movie Ticketing System 1.0. Impacted is an unknown function of the file /db/moviedb.sql of the component SQL Database Backup File Handler. Such manipulation leads to information disclosure. The attack can be launched remotely. The…

  • CVE-2026-3763MedMar 8, 2026
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. The affected element is an unknown function of the file showhistory.php. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made…

  • CVE-2025-14962MedDec 19, 2025
    risk 0.28cvss 4.3epss 0.00

    A flaw has been found in code-projects Simple Stock System 1.0. The impacted element is an unknown function of the file /market/chatuser.php. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may…

  • CVE-2025-14531MedDec 11, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was found in code-projects Rental Management System 2.0. This affects an unknown function of the file Transaction.java of the component Log Handler. Performing manipulation results in crlf injection. The attack can be initiated remotely. The exploit has been made…

  • CVE-2025-8340MedJul 31, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was found in code-projects Intern Membership Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file fill_details.php of the component Error Message Handler. The manipulation of the argument email leads to…

  • CVE-2025-5732MedJun 6, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been…

  • CVE-2025-14194LowDec 7, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was identified in code-projects Employee Profile Management System 1.0. This issue affects some unknown processing of the file /view_personnel.php. The manipulation of the argument per_address/dr_school/other_school leads to cross site scripting. The attack may…

  • CVE-2025-9845LowSep 3, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability has been found in code-projects Fruit Shop Management System 1.0. Affected by this vulnerability is an unknown functionality of the file products.php. Such manipulation of the argument product_code/gen_name/product_name/supplier leads to cross site scripting. It…

  • CVE-2025-8167LowJul 25, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was found in code-projects Church Donation System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/edit_members.php. The manipulation of the argument fname leads to cross site scripting. The…

  • CVE-2025-5757LowJun 6, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was found in code-projects Traffic Offense Reporting System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /save-reported.php. The manipulation of the argument offence_id/vehicle_no/driver_license/name/addre…

  • CVE-2023-0902Feb 18, 2023
    risk 0.03cvss epss 0.03

    A vulnerability was found in SourceCodester Simple Food Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file process_order.php. The manipulation of the argument order leads to cross site scripting. It is possible to initiate the…

  • CVE-2021-46005Jan 18, 2022
    risk 0.01cvss epss 0.03

    Sourcecodester Car Rental Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via vehicalorcview parameter.

  • CVE-2020-27956Oct 28, 2020
    risk 0.01cvss epss 0.05

    An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management System 1.0 allows the user to conduct remote code execution via admin/index.php?page=manage_car because .php files can be uploaded to admin/assets/uploads/ (under the web root).

  • CVE-2026-2158Feb 8, 2026
    risk 0.00cvss epss 0.00

    A vulnerability was detected in code-projects Student Web Portal 1.0. This impacts an unknown function of the file /check_user.php. Performing a manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely.

  • CVE-2025-69559Jan 27, 2026
    risk 0.00cvss epss 0.01

    code-projects Computer Book Store 1.0 is vulnerable to File Upload in admin_add.php.

  • CVE-2025-60307Oct 10, 2025
    risk 0.00cvss epss 0.00

    code-projects Computer Laboratory System 1.0 has a SQL injection vulnerability, where entering a universal password in the Password field on the login page can bypass login attempts.

  • CVE-2025-56295Sep 16, 2025
    risk 0.00cvss epss 0.00

    code-projects Computer Laboratory System 1.0 has a file upload vulnerability. Staff can upload malicious files by uploading PHP backdoor files when modifying personal avatar information and use web shell connection tools to obtain server permissions.

  • CVE-2025-5661Jun 5, 2025
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part of the file /save-settings.php of the component Setting Handler. The manipulation of the argument site_name leads to cross site…

  • CVE-2025-5651Jun 5, 2025
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as problematic, has been found in code-projects Traffic Offense Reporting System 1.0. This issue affects some unknown processing of the file saveuser.php. The manipulation of the argument user_id/username/email/name/position leads to cross…

  • CVE-2024-10733Nov 3, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in code-projects Restaurant Order System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument uid leads to sql injection. The attack may be launched remotely. The…

  • CVE-2024-48579Oct 25, 2024
    risk 0.00cvss epss 0.01

    SQL Injection vulnerability in Best House rental management system project in php v.1.0 allows a remote attacker to execute arbitrary code via the username parameter of the login request.

  • CVE-2024-46374Sep 18, 2024
    risk 0.00cvss epss 0.00

    Best House Rental Management System 1.0 contains a SQL injection vulnerability in the delete_category() function of the file rental/admin_class.php.

  • CVE-2024-46375Sep 18, 2024
    risk 0.00cvss epss 0.01

    Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the signup() function of the file rental/admin_class.php.

  • CVE-2024-4945May 16, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file view_parcel.php. The manipulation of the argument id leads to unrestricted upload. It is possible to launch the…

  • CVE-2024-28279May 13, 2024
    risk 0.00cvss epss 0.00

    Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via book.php?bookisbn=.

  • CVE-2024-24096Feb 27, 2024
    risk 0.00cvss epss 0.00

    Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via BookSBIN.

  • CVE-2024-24100Feb 27, 2024
    risk 0.00cvss epss 0.01

    Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via PublisherID.

  • CVE-2024-24095Feb 27, 2024
    risk 0.00cvss epss 0.01

    Code-projects Simple Stock System 1.0 is vulnerable to SQL Injection.

  • CVE-2024-0460Jan 12, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in code-projects Faculty Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/pages/student-print.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit…

  • CVE-2023-7132Dec 28, 2023
    risk 0.00cvss epss 0.01

    A vulnerability was found in code-projects Intern Membership Management System 2.0. It has been classified as problematic. This affects an unknown part of the file /user_registration/ of the component User Registration. The manipulation of the argument…

  • CVE-2023-7131Dec 28, 2023
    risk 0.00cvss epss 0.01

    A vulnerability was found in code-projects Intern Membership Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /user_registration/ of the component User Registration. The manipulation of the argument userName leads…

  • CVE-2023-7057Dec 22, 2023
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as problematic, has been found in code-projects Faculty Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/pages/yearlevel.php. The manipulation of the argument Year Level/Section leads to cross…

  • CVE-2023-7056Dec 22, 2023
    risk 0.00cvss epss 0.00

    A vulnerability classified as problematic was found in code-projects Faculty Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/pages/subjects.php. The manipulation of the argument Description/Units leads to cross site scripting.…

  • CVE-2023-6898Dec 17, 2023
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical has been found in SourceCodester Best Courier Management System 1.0. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and…

  • CVE-2023-48823Dec 7, 2023
    risk 0.00cvss epss 0.01

    A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login.

  • CVE-2023-6301Nov 26, 2023
    risk 0.00cvss epss 0.01

    A vulnerability has been found in SourceCodester Best Courier Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file parcel_list.php of the component GET Parameter Handler. The manipulation of the argument id…

  • CVE-2023-46004Oct 18, 2023
    risk 0.00cvss epss 0.01

    Sourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the update_user function.

  • CVE-2023-46007Oct 18, 2023
    risk 0.00cvss epss 0.01

    Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_staff.php.

  • CVE-2023-46006Oct 18, 2023
    risk 0.00cvss epss 0.01

    Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_user.php.

  • CVE-2023-46005Oct 18, 2023
    risk 0.00cvss epss 0.01

    Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_branch.php.

  • CVE-2023-5273Sep 29, 2023
    risk 0.00cvss epss 0.01

    A vulnerability classified as problematic was found in SourceCodester Best Courier Management System 1.0. This vulnerability affects unknown code of the file manage_parcel_status.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated…