VYPR

Vendor CVEs

Codeastro

All CVEs

221 total · sorted by risk
  • CVE-2025-11104MedSep 28, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was detected in CodeAstro Electricity Billing System 1.0. Affected by this issue is some unknown functionality of the file /admin/bill.php. The manipulation of the argument uid results in sql injection. The attack may be launched remotely. The exploit is now…

  • CVE-2025-10780MedSep 22, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was determined in CodeAstro Simple Pharmacy Management 1.0. This affects an unknown function of the file /view.php. This manipulation of the argument bar_code causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly…

  • CVE-2025-9942MedSep 4, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been found in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /submitproperty.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and…

  • CVE-2025-9941MedSep 4, 2025
    risk 0.41cvss 6.3epss 0.00

    A flaw has been found in CodeAstro Real Estate Management System 1.0. This impacts an unknown function of the file /register.php. Executing manipulation of the argument uimage can lead to unrestricted upload. The attack can be launched remotely. The exploit has been published…

  • CVE-2025-9847MedSep 3, 2025
    risk 0.41cvss 6.3epss 0.00

    A weakness has been identified in ScriptAndTools Real Estate Management System 1.0. Impacted is an unknown function of the file register.php. This manipulation of the argument uimage causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been…

  • CVE-2025-6329MedJun 20, 2025
    risk 0.35cvss 5.4epss 0.00

    A vulnerability was found in ScriptAndTools Real Estate Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file userdelete.php of the component User Delete Handler. The manipulation of the argument ID leads to authorization…

  • CVE-2026-3137MedFeb 25, 2026
    risk 0.34cvss 5.3epss 0.00

    A security vulnerability has been detected in CodeAstro Food Ordering System 1.0. This affects an unknown function of the file food_ordering.exe. Such manipulation leads to stack-based buffer overflow. The attack can only be performed from a local environment. The exploit has…

  • CVE-2023-33770MedMay 6, 2025
    risk 0.33cvss 5.1epss 0.00

    Real Estate Management System v1.0 was discovered to contain a SQL injection vulnerability via the message parameter at /contact.php.

  • CVE-2026-12175MedJun 13, 2026
    risk 0.31cvss 4.7epss 0.00

    A vulnerability was detected in CodeAstro Student Attendance Management System 1.0. Impacted is an unknown function of the file /attendance-php/Admin/createStudents.php. Performing a manipulation of the argument admissionNumber results in sql injection. Remote exploitation of…

  • CVE-2025-14900MedDec 19, 2025
    risk 0.31cvss 4.7epss 0.00

    A security vulnerability has been detected in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /admin/userdelete.php of the component Administrator Endpoint. Such manipulation of the argument ID leads to sql injection. The attack may be…

  • CVE-2025-14899MedDec 19, 2025
    risk 0.31cvss 4.7epss 0.00

    A weakness has been identified in CodeAstro Real Estate Management System 1.0. This impacts an unknown function of the file /admin/stateadd.php of the component Administrator Endpoint. This manipulation causes sql injection. The attack may be initiated remotely. The exploit has…

  • CVE-2025-14898MedDec 19, 2025
    risk 0.31cvss 4.7epss 0.00

    A security flaw has been discovered in CodeAstro Real Estate Management System 1.0. This affects an unknown function of the file /admin/userbuilderdelete.php of the component Administrator Endpoint. The manipulation results in sql injection. The attack can be launched remotely.…

  • CVE-2025-14897MedDec 19, 2025
    risk 0.31cvss 4.7epss 0.00

    A vulnerability was identified in CodeAstro Real Estate Management System 1.0. The impacted element is an unknown function of the file /admin/useragentdelete.php of the component Administrator Endpoint. The manipulation leads to sql injection. The attack can be initiated…

  • CVE-2025-12610MedNov 3, 2025
    risk 0.31cvss 4.7epss 0.00

    A vulnerability was determined in CodeAstro Gym Management System 1.0. This affects an unknown part of the file /admin/view-progress-report.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been…

  • CVE-2025-12609MedNov 3, 2025
    risk 0.31cvss 4.7epss 0.00

    A vulnerability was found in CodeAstro Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/update-progress.php. Performing a manipulation of the argument id/ini_weight results in sql injection. The attack may be initiated remotely.…

  • CVE-2025-13793MedNov 30, 2025
    risk 0.28cvss 4.3epss 0.00

    A weakness has been identified in winston-dsouza Ecommerce-Website up to 87734c043269baac0b4cfe9664784462138b1b2e. Affected by this issue is some unknown functionality of the file /includes/header_menu.php of the component GET Parameter Handler. Executing manipulation of the…

  • CVE-2025-13119MedNov 13, 2025
    risk 0.28cvss 4.3epss 0.00

    A flaw has been found in Fabian Ros/SourceCodester Simple E-Banking System 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been published and may be used.

  • CVE-2025-12244MedOct 27, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was determined in code-projects Simple E-Banking System 1.0. This affects an unknown part of the file /eBank/register.php. Executing manipulation of the argument Username can lead to cross site scripting. The attack may be launched remotely. The exploit has been…

  • CVE-2025-7133MedJul 7, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability classified as problematic has been found in CodeAstro Online Movie Ticket Booking System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the…

  • CVE-2025-6664MedJun 25, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability, which was classified as problematic, was found in CodeAstro Patient Record Management System 1.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed…

  • CVE-2025-6478MedJun 22, 2025
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was found in CodeAstro Expense Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely.

  • CVE-2026-12130LowJun 12, 2026
    risk 0.23cvss 3.5epss 0.00

    A security flaw has been discovered in CodeAstro Human Resource Management System 1.0. This affects an unknown part of the file /Projects/Add_Projects of the component Projects Management Page. The manipulation of the argument protitle results in cross site scripting. The attack…

  • CVE-2026-12129LowJun 12, 2026
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/add_tod of the component Dashboard Interface. The manipulation of the argument todo_data leads to cross site scripting.…

  • CVE-2025-9940LowSep 4, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was detected in CodeAstro Real Estate Management System 1.0. This affects an unknown function of the file /feature.php. Performing manipulation of the argument msg results in cross site scripting. The attack can be initiated remotely. The exploit is now public…

  • CVE-2025-9939LowSep 4, 2025
    risk 0.23cvss 3.5epss 0.00

    A security vulnerability has been detected in CodeAstro Real Estate Management System 1.0. The impacted element is an unknown function of the file /propertyview.php. Such manipulation of the argument msg leads to cross site scripting. It is possible to launch the attack…

  • CVE-2025-9237LowAug 20, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was found in CodeAstro Ecommerce Website 1.0. This impacts an unknown function of the file /customer/my_account.php?edit_account of the component Edit Your Account Page. Performing manipulation of the argument Username results in cross site scripting. It is…

  • CVE-2025-7153LowJul 8, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability classified as problematic was found in CodeAstro Simple Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /doctor.html of the component POST Parameter Handler. The manipulation of the argument First Name/Last…

  • CVE-2025-7148LowJul 7, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was found in CodeAstro Simple Hospital Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /patient.html of the component POST Parameter Handler. The manipulation leads to cross site scripting. The…

  • CVE-2026-11491LowJun 8, 2026
    risk 0.16cvss 2.4epss 0.00

    A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function of the file /notice/All_notice of the component Notice Board Management. Such manipulation of the argument Notice Title with the input <svg onload="alert('Stored XSS…

  • CVE-2025-6452LowJun 22, 2025
    risk 0.16cvss 2.4epss 0.00

    A vulnerability was found in CodeAstro Patient Record Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the component Generate New Report Page. The manipulation of the argument Patient Name/Name leads to cross site scripting.…

  • CVE-2025-6131LowJun 16, 2025
    risk 0.16cvss 2.4epss 0.00

    A vulnerability, which was classified as problematic, was found in CodeAstro Food Ordering System 1.0. Affected is an unknown function of the file /admin/store/edit/ of the component POST Request Parameter Handler. The manipulation of the argument Restaurant Name/Address leads…

  • CVE-2024-25869Feb 28, 2024
    risk 0.04cvss epss 0.19

    An Unrestricted File Upload vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via upload of a crafted php file in the settings.php component.

  • CVE-2024-7815Aug 15, 2024
    risk 0.03cvss epss 0.01

    A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/admin-update-employee.php of the component Update Employee Page. The manipulation of the…

  • CVE-2025-70150Feb 18, 2026
    risk 0.00cvss epss 0.01

    CodeAstro Membership Management System 1.0 contains a missing authentication vulnerability in delete_members.php that allows unauthenticated attackers to delete arbitrary member records via the id parameter.

  • CVE-2025-70149Feb 18, 2026
    risk 0.00cvss epss 0.00

    CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection in print_membership_card.php via the ID parameter.

  • CVE-2025-70148Feb 18, 2026
    risk 0.00cvss epss 0.00

    Missing authentication and authorization in print_membership_card.php in CodeAstro Membership Management System 1.0 allows unauthenticated attackers to access membership card data of arbitrary users via direct requests with a manipulated id parameter, resulting in insecure…

  • CVE-2024-44652Nov 17, 2025
    risk 0.00cvss epss 0.00

    Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the user_email, username, user_firstname, user_lastname, and user_address parameters in user_register.php.

  • CVE-2024-44653Nov 17, 2025
    risk 0.00cvss epss 0.00

    Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the user_email parameter in user_login.php.

  • CVE-2024-44651Nov 17, 2025
    risk 0.00cvss epss 0.00

    Kashipara Ecommerce Website 1.0 is vulnerable to SQL Injection via the recover_email parameter in user_password_recover.php.

  • CVE-2025-5611Jun 4, 2025
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as critical, was found in CodeAstro Real Estate Management System 1.0. This affects an unknown part of the file /submitpropertyupdate.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack…

  • CVE-2025-5610Jun 4, 2025
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as critical, has been found in CodeAstro Real Estate Management System 1.0. Affected by this issue is some unknown functionality of the file /submitpropertydelete.php. The manipulation of the argument ID leads to sql injection. The attack…

  • CVE-2025-5583Jun 4, 2025
    risk 0.00cvss epss 0.00

    A vulnerability classified as critical has been found in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /register.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed…

  • CVE-2025-5582Jun 4, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /profile.php. The manipulation of the argument content leads to sql injection. The attack may be initiated remotely.…

  • CVE-2025-5581Jun 4, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument User leads to sql injection. The attack can be initiated remotely.…

  • CVE-2025-5580Jun 4, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been classified as critical. This affects an unknown part of the file /login.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The…

  • CVE-2025-5128May 24, 2025
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as critical, was found in ScriptAndTools Real-Estate-website-in-PHP 1.0. Affected is an unknown function of the file /admin/ of the component Admin Login Panel. The manipulation of the argument Password leads to sql injection. It is possible…

  • CVE-2025-4811May 16, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in CodeAstro Pharmacy Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php of the component Login. The manipulation of the argument Username leads to sql injection. The attack…

  • CVE-2025-4067Apr 29, 2025
    risk 0.00cvss epss 0.00

    A vulnerability classified as critical has been found in ScriptAndTools Online-Travling-System 1.0. Affected is an unknown function of the file /admin/viewpackage.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit…

  • CVE-2025-4066Apr 29, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/addpackage.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The…

  • CVE-2025-4065Apr 29, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/addadvertisement.php. The manipulation leads to improper access controls. The attack can be initiated remotely.…

Page 2 of 5