Vendor
Carmelogarcia
Products
4
CVEs
13
Across products
13
Status
Private
Products
4- 5 CVEs
- 4 CVEs
- 3 CVEs
- 1 CVE
Recent CVEs
13| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-12316 | Hig | 0.47 | 7.3 | 0.00 | Oct 27, 2025 | A vulnerability was identified in code-projects Courier Management System 1.0. This impacts an unknown function of the file /courier/edit-courier.php. The manipulation of the argument OfficeName leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. | |
| CVE-2025-6124 | Hig | 0.47 | 7.3 | 0.00 | Jun 16, 2025 | A vulnerability was found in code-projects Restaurant Order System 1.0 and classified as critical. This issue affects some unknown processing of the file /tablelow.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-6123 | Hig | 0.47 | 7.3 | 0.00 | Jun 16, 2025 | A vulnerability has been found in code-projects Restaurant Order System 1.0 and classified as critical. This vulnerability affects unknown code of the file /payment.php. The manipulation of the argument tabidNoti leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-5980 | Hig | 0.47 | 7.3 | 0.00 | Jun 10, 2025 | A vulnerability classified as critical was found in code-projects Restaurant Order System 1.0. This vulnerability affects unknown code of the file /order.php. The manipulation of the argument tabidNoti leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-14222 | Med | 0.41 | 6.3 | 0.00 | Dec 8, 2025 | A flaw has been found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file /print_personnel_report.php. This manipulation of the argument per_id causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used. | |
| CVE-2025-14195 | Med | 0.41 | 6.3 | 0.00 | Dec 7, 2025 | A security flaw has been discovered in code-projects Employee Profile Management System 1.0. Impacted is an unknown function of the file /profiling/add_file_query.php. The manipulation of the argument per_file results in unrestricted upload. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks. | |
| CVE-2025-14193 | Med | 0.41 | 6.3 | 0.00 | Dec 7, 2025 | A vulnerability was determined in code-projects Employee Profile Management System 1.0. This vulnerability affects unknown code of the file /view_personnel.php. Executing a manipulation of the argument per_id can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. | |
| CVE-2025-13396 | Med | 0.41 | 6.3 | 0.00 | Nov 19, 2025 | A weakness has been identified in code-projects Courier Management System 1.0. This affects an unknown function of the file /add-office.php. This manipulation of the argument OfficeName causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. | |
| CVE-2025-13303 | Med | 0.41 | 6.3 | 0.00 | Nov 17, 2025 | A vulnerability was determined in code-projects Courier Management System 1.0. Affected by this issue is some unknown functionality of the file /search-edit.php. This manipulation of the argument Consignment causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. | |
| CVE-2025-11553 | Med | 0.41 | 6.3 | 0.00 | Oct 9, 2025 | A weakness has been identified in code-projects Courier Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-courier.php. Executing manipulation of the argument Shippername can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. | |
| CVE-2025-13302 | Med | 0.31 | 4.7 | 0.00 | Nov 17, 2025 | A vulnerability was identified in code-projects Courier Management System 1.0. This affects an unknown part of the file /add-new-officer.php. Such manipulation of the argument ManagerName leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used. | |
| CVE-2023-7096 | Med | 0.31 | 4.7 | 0.00 | Dec 25, 2023 | A flaw has been found in code-projects Faculty Management System 1.0. The affected element is an unknown function of the file /admin/php/crud.php. This manipulation of the argument fieldname/tablename causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. | |
| CVE-2025-14194 | Low | 0.23 | 3.5 | 0.00 | Dec 7, 2025 | A vulnerability was identified in code-projects Employee Profile Management System 1.0. This issue affects some unknown processing of the file /view_personnel.php. The manipulation of the argument per_address/dr_school/other_school leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and might be used. |