VYPR

Vendor CVEs

Codeastro

All CVEs

221 total · sorted by risk
  • CVE-2025-4064Apr 29, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in ScriptAndTools Online-Travling-System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/viewenquiry.php. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The…

  • CVE-2025-3998Apr 28, 2025
    risk 0.00cvss epss 0.00

    A vulnerability classified as critical was found in CodeAstro Membership Management System 1.0. This vulnerability affects unknown code of the file renew.php?id=6. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has…

  • CVE-2025-25776Apr 28, 2025
    risk 0.00cvss epss 0.00

    Cross-Site Scripting (XSS) vulnerability exists in the User Registration and User Profile features of Codeastro Bus Ticket Booking System v1.0 allows an attacker to execute arbitrary code into the Full Name and Address fields during user registration or profile editing.

  • CVE-2025-3975Apr 27, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in ScriptAndTools eCommerce-website-in-PHP 3.0 and classified as problematic. This issue affects some unknown processing of the file /admin/subscriber-csv.php. The manipulation leads to information disclosure. The attack may be initiated remotely. The…

  • CVE-2025-25775Apr 25, 2025
    risk 0.00cvss epss 0.00

    Codeastro Bus Ticket Booking System v1.0 is vulnerable to SQL injection via the kodetiket parameter in /BusTicket-CI/tiket/cekorder.

  • CVE-2025-25777Apr 24, 2025
    risk 0.00cvss epss 0.00

    Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipulating the user ID in the URL, an attacker can access another user's profile without proper authentication or authorization checks.

  • CVE-2025-29015Apr 17, 2025
    risk 0.00cvss epss 0.00

    Code Astro Internet Banking System 2.0.0 is vulnerable to Cross Site Scripting (XSS) via the name parameter in /admin/pages_account.php.

  • CVE-2025-3557Apr 14, 2025
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as problematic, has been found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has…

  • CVE-2025-3556Apr 14, 2025
    risk 0.00cvss epss 0.01

    A vulnerability classified as problematic was found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected by this vulnerability is an unknown functionality of the file /admin/login.php. The manipulation leads to improper restriction of excessive authentication attempts. The…

  • CVE-2025-3555Apr 14, 2025
    risk 0.00cvss epss 0.01

    A vulnerability classified as problematic has been found in ScriptAndTools eCommerce-website-in-PHP 3.0. Affected is an unknown function of the file /login.php. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the…

  • CVE-2025-29017Apr 10, 2025
    risk 0.00cvss epss 0.01

    A Remote Code Execution (RCE) vulnerability exists in Code Astro Internet Banking System 2.0.0 due to improper file upload validation in the profile_pic parameter within pages_view_client.php.

  • CVE-2025-29018Apr 9, 2025
    risk 0.00cvss epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability exists in the name parameter of pages_add_acc_type.php in Code Astro Internet Banking System 2.0.0.

  • CVE-2025-3205Apr 4, 2025
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as critical, was found in CodeAstro Student Grading System 1.0. This affects an unknown part of the file studentsubject.php. The manipulation of the argument studentId leads to sql injection. It is possible to initiate the attack remotely.…

  • CVE-2025-2419Mar 17, 2025
    risk 0.00cvss epss 0.00

    A vulnerability classified as critical has been found in code-projects Real Estate Property Management System 1.0. Affected is an unknown function of the file /InsertFeedback.php. The manipulation of the argument txtName/txtEmail/txtMobile/txtFeedback leads to sql injection. It…

  • CVE-2025-2384Mar 17, 2025
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as critical, was found in code-projects Real Estate Property Management System 1.0. This affects an unknown part of the file /InsertCustomer.php of the component Parameter Handler. The manipulation of the argument…

  • CVE-2025-1576Feb 23, 2025
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical was found in code-projects Real Estate Property Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax_state.php. The manipulation of the argument StateName as part of String leads to sql…

  • CVE-2025-1381Feb 17, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in code-projects Real Estate Property Management System 1.0. It has been classified as critical. This affects an unknown part of the file /ajax_city.php. The manipulation of the argument CityName leads to sql injection. It is possible to initiate the…

  • CVE-2025-1379Feb 17, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been found in code-projects Real Estate Property Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /Admin/CustomerReport.php. The manipulation of the argument city leads to sql injection.…

  • CVE-2025-1374Feb 17, 2025
    risk 0.00cvss epss 0.00

    A vulnerability classified as critical has been found in code-projects Real Estate Property Management System 1.0. This affects an unknown part of the file /search.php. The manipulation of the argument StateName/CityName/AreaName/CatId leads to sql injection. It is possible to…

  • CVE-2025-1197Feb 12, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been found in code-projects Real Estate Property Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /_parse/load_user-profile.php. The manipulation of the argument userhash leads to sql…

  • CVE-2025-1196Feb 12, 2025
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as problematic, was found in code-projects Real Estate Property Management System 1.0. Affected is an unknown function of the file /search.php. The manipulation of the argument PropertyName leads to cross site scripting. It is possible to…

  • CVE-2025-1195Feb 12, 2025
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as problematic, has been found in code-projects Real Estate Property Management System 1.0. This issue affects some unknown processing of the file /Admin/EditCategory. The manipulation of the argument CategoryId leads to cross site…

  • CVE-2025-1171Feb 11, 2025
    risk 0.00cvss epss 0.00

    A vulnerability classified as problematic was found in code-projects Real Estate Property Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /Admin/CustomerReport.php. The manipulation of the argument Address leads to cross site…

  • CVE-2025-1170Feb 11, 2025
    risk 0.00cvss epss 0.00

    A vulnerability classified as problematic has been found in code-projects Real Estate Property Management System 1.0. Affected is an unknown function of the file /Admin/Category.php. The manipulation of the argument Desc leads to cross site scripting. It is possible to launch…

  • CVE-2024-56889Feb 6, 2025
    risk 0.00cvss epss 0.01

    Incorrect access control in the endpoint /admin/m_delete.php of CodeAstro Complaint Management System v1.0 allows unauthorized attackers to arbitrarily delete complaints via modification of the id parameter.

  • CVE-2024-56924Jan 22, 2025
    risk 0.00cvss epss 0.00

    A Cross Site Request Forgery (CSRF) vulnerability in Code Astro Internet banking system 2.0.0 allows remote attackers to execute arbitrary JavaScript on the admin page (pages_account), potentially leading to unauthorized actions such as changing account settings or stealing…

  • CVE-2024-55507Jan 3, 2025
    risk 0.00cvss epss 0.01

    An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the delete_e.php component.

  • CVE-2024-13070Dec 31, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in CodeAstro Online Food Ordering System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/update_users.php of the component Update User Page. The manipulation of the argument user_upd…

  • CVE-2024-13067Dec 31, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in CodeAstro Online Food Ordering System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/all_users.php of the component All Users Page. The manipulation leads to improper access controls. The attack may be…

  • CVE-2024-13038Dec 30, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in CodeAstro Simple Loan Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login. The manipulation of the argument email leads to sql injection.…

  • CVE-2024-55509Dec 20, 2024
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in CodeAstro Complaint Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via the id parameter of the delete.php component.

  • CVE-2024-55505Dec 18, 2024
    risk 0.00cvss epss 0.01

    An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the mess-view.php component.

  • CVE-2024-55506Dec 18, 2024
    risk 0.00cvss epss 0.01

    An IDOR vulnerability in CodeAstro's Complaint Management System v1.0 (version with 0 updates) enables an attacker to execute arbitrary code and obtain sensitive information via the delete.php file and modifying the id parameter.

  • CVE-2024-11678Nov 26, 2024
    risk 0.00cvss epss 0.00

    A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /backend/doc/his_doc_register_patient.php. The manipulation of the argument pat_fname/pat_ailment/pat_lname/pat_age/pat_…

  • CVE-2024-11677Nov 26, 2024
    risk 0.00cvss epss 0.00

    A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /backend/admin/his_admin_add_vendor.php of the component Add Vendor Details Page. The manipulation of the argument…

  • CVE-2024-11676Nov 26, 2024
    risk 0.00cvss epss 0.00

    A vulnerability was found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /backend/admin/his_admin_add_lab_equipment.php of the component Add Laboratory Equipment Page. The manipulation…

  • CVE-2024-11675Nov 26, 2024
    risk 0.00cvss epss 0.00

    A vulnerability has been found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /backend/admin/his_admin_register_patient.php of the component Add Patient Details Page. The…

  • CVE-2024-11674Nov 25, 2024
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as critical, was found in CodeAstro Hospital Management System 1.0. Affected is an unknown function of the file /backend/doc/his_doc_update-account.php. The manipulation of the argument doc_dpic leads to unrestricted upload. It is possible…

  • CVE-2024-11058Nov 10, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in CodeAstro Real Estate Management System up to 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /aboutedit.php of the component About Us Page. The manipulation of the argument id leads to sql injection. The…

  • CVE-2024-11000Nov 8, 2024
    risk 0.00cvss epss 0.01

    A vulnerability classified as problematic was found in CodeAstro Real Estate Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /aboutedit.php of the component About Us Page. The manipulation of the argument aimage leads to unrestricted…

  • CVE-2024-10999Nov 8, 2024
    risk 0.00cvss epss 0.01

    A vulnerability classified as problematic has been found in CodeAstro Real Estate Management System 1.0. Affected is an unknown function of the file /aboutadd.php of the component About Us Page. The manipulation of the argument aimage leads to unrestricted upload. It is possible…

  • CVE-2024-48709Oct 21, 2024
    risk 0.00cvss epss 0.00

    CodeAstro Membership Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the membershipType parameter in edit_type.php

  • CVE-2024-46236Oct 21, 2024
    risk 0.00cvss epss 0.00

    CodeAstro Membership Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via the address parameter in add_members.php and edit_member.php.

  • CVE-2024-46470Sep 27, 2024
    risk 0.00cvss epss 0.00

    Cross Site Scripting vulnerability in CodeAstro Membership Management System 1.0 allows attackers to run malicious JavaScript via the membership_type field in the edit-type.php component.

  • CVE-2024-46472Sep 27, 2024
    risk 0.00cvss epss 0.00

    CodeAstro Membership Management System 1.0 is vulnerable to SQL Injection via the parameter 'email' in the Login Page.

  • CVE-2024-46471Sep 27, 2024
    risk 0.00cvss epss 0.01

    The Directory Listing in /uploads/ Folder in CodeAstro Membership Management System 1.0 exposes the structure and contents of directories, potentially revealing sensitive information.

  • CVE-2024-45528Sep 2, 2024
    risk 0.00cvss epss 0.00

    CodeAstro MembershipM-PHP (aka Membership Management System in PHP) 1.0 allows add_members.php fullname stored XSS.

  • CVE-2024-7912Aug 18, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in CodeAstro Online Railway Reservation System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/assets/. The manipulation leads to exposure of information through directory listing. The attack can be…

  • CVE-2024-7910Aug 18, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in CodeAstro Online Railway Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/emp-profile-avatar.php of the component Profile Photo Update Handler. The manipulation leads to…

  • CVE-2024-7814Aug 15, 2024
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as problematic, was found in CodeAstro Online Railway Reservation System 1.0. Affected is an unknown function of the file /admin/admin-add-employee.php of the component Add Employee Page. The manipulation of the argument emp_fname /emp_lname…