VYPR
Vendor

Itsourcecode

Products
32
CVEs
463
Across products
465
Status
Private

Products

32
View all 32 products →

Recent CVEs

463
View all 463 CVEs →
  • CVE-2018-25320CriMay 17, 2026
    risk 0.64cvss 9.8epss 0.01

    ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with…

  • CVE-2026-36235CriApr 10, 2026
    risk 0.64cvss 9.8epss 0.00

    A SQL injection vulnerability was found in the scheduleSubList.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'subjcode' parameter is directly embedded into the SQL query via string interpolation without any sanitization or…

  • CVE-2026-36234CriApr 10, 2026
    risk 0.64cvss 9.8epss 0.00

    itsourcecode Online Student Enrollment System v1.0 is vulnerable to SQL Injection in newCourse.php via the 'coursename' parameter.

  • CVE-2026-36233CriApr 10, 2026
    risk 0.64cvss 9.8epss 0.00

    A SQL injection vulnerability was found in the assignInstructorSubjects.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that attackers can inject malicious code via the parameter "subjcode" and use it directly in SQL queries without…

  • CVE-2026-36232CriApr 10, 2026
    risk 0.64cvss 9.8epss 0.00

    A SQL injection vulnerability was found in the instructorClasses.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'classId' parameter from $_GET['classId'] is directly concatenated into the SQL query without any sanitization…

  • CVE-2026-32393HigMar 13, 2026
    risk 0.49cvss 7.5epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Creatives_Planet Greenly Theme Addons greenly-addons allows PHP Local File Inclusion.This issue affects Greenly Theme Addons: from n/a through < 8.2.

  • CVE-2020-37034HigJan 30, 2026
    risk 0.49cvss 7.5epss 0.01

    HelloWeb 2.0 contains an arbitrary file download vulnerability that allows remote attackers to download system files by manipulating filepath and filename parameters. Attackers can send crafted GET requests to download.asp with directory traversal to access sensitive…

  • CVE-2026-10253HigJun 1, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was detected in itsourcecode Online House Rental System 1.0. This impacts an unknown function of the file /manage_payment.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit is now public…

  • CVE-2026-10252HigJun 1, 2026
    risk 0.47cvss 7.3epss 0.00

    A security vulnerability has been detected in itsourcecode Online House Rental System 1.0. This affects an unknown function of the file /manage_tenant.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has…

  • CVE-2026-10251HigJun 1, 2026
    risk 0.47cvss 7.3epss 0.00

    A weakness has been identified in itsourcecode Online House Rental System 1.0. The impacted element is an unknown function of the file /ajax.php?action=login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be performed from remote.…

  • CVE-2026-10250HigJun 1, 2026
    risk 0.47cvss 7.3epss 0.00

    A security flaw has been discovered in itsourcecode Online Blood Bank Management System 1.0. The affected element is an unknown function of the file /admin/campsdetails.php. Performing a manipulation of the argument hospital results in sql injection. The attack is possible to be…

  • CVE-2026-10249HigJun 1, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in itsourcecode Online Blood Bank Management System 1.0. Impacted is an unknown function of the file /admin/viewrequest.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly…

  • CVE-2026-9606HigMay 27, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability has been found in itsourcecode Courier Management System 1.0. Impacted is an unknown function of the file /manage_user.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the…

  • CVE-2026-9575HigMay 26, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability has been found in itsourcecode Student Transcript Processing System 1.0. This issue affects some unknown processing of the file /admin/modules/class/index.php?view=view. The manipulation of the argument ID leads to sql injection. The attack may be initiated…

  • CVE-2026-9574HigMay 26, 2026
    risk 0.47cvss 7.3epss 0.00

    A flaw has been found in itsourcecode Student Transcript Processing System 1.0. This vulnerability affects unknown code of the file /admin/modules/student/trans.php. Executing a manipulation of the argument studentId/cid can lead to sql injection. The attack can be launched…

  • CVE-2026-9573HigMay 26, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was detected in itsourcecode Student Transcript Processing System 1.0. This affects an unknown part of the file /admin/modules/student/index.php?view=view. Performing a manipulation of the argument studentId results in sql injection. The attack can be initiated…

  • CVE-2026-9528HigMay 26, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was identified in itsourcecode Electronic Judging System 1.0. Impacted is an unknown function of the file /admin/delete_judge.php. Such manipulation of the argument judge_id leads to sql injection. The attack can be executed remotely. The exploit is publicly…

  • CVE-2026-9526HigMay 26, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in itsourcecode Electronic Judging System 1.0. This vulnerability affects unknown code of the file /admin/edit_team.php. The manipulation of the argument num_id results in sql injection. The attack may be launched remotely. The exploit has been made…

  • CVE-2026-9525HigMay 26, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /admin/edit_judge.php. The manipulation of the argument judge_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to…

  • CVE-2026-9383HigMay 24, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/admin/login.php. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack is possible. The exploit has been…