VYPR

Vendor CVEs

Itsourcecode

All CVEs

463 total · sorted by risk
  • CVE-2024-6115Jun 18, 2024
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical was found in itsourcecode Simple Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file add_room.php. The manipulation of the argument photo leads to unrestricted upload. The attack can…

  • CVE-2024-6114Jun 18, 2024
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical has been found in itsourcecode Monbela Tourist Inn Online Reservation System up to 1.0. Affected is an unknown function of the file controller.php. The manipulation of the argument image leads to unrestricted upload. It is possible to…

  • CVE-2024-6112Jun 18, 2024
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical was found in itsourcecode Pool of Bethesda Online Reservation System 1.0. This vulnerability affects unknown code of the file index.php. The manipulation of the argument log_email leads to sql injection. The attack can be initiated…

  • CVE-2024-6111Jun 18, 2024
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical has been found in itsourcecode Pool of Bethesda Online Reservation System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack…

  • CVE-2024-6110Jun 18, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in itsourcecode Magbanua Beach Resort Online Reservation System up to 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file controller.php. The manipulation of the argument image leads to unrestricted…

  • CVE-2024-6109Jun 18, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file addmeasurement.php. The manipulation of the argument id leads to sql injection. The attack can be…

  • CVE-2024-6084Jun 18, 2024
    risk 0.00cvss epss 0.01

    A vulnerability has been found in itsourcecode Pool of Bethesda Online Reservation System up to 1.0 and classified as critical. Affected by this vulnerability is the function uploadImage of the file /admin/mod_room/controller.php?action=add. The manipulation of the argument…

  • CVE-2024-37840Jun 17, 2024
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the LessonID parameter.

  • CVE-2024-6041Jun 16, 2024
    risk 0.00cvss epss 0.00

    A vulnerability was found in itsourcecode Gym Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched…

  • CVE-2024-6015Jun 15, 2024
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical was found in itsourcecode Online House Rental System 1.0. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument month_of leads to sql injection. The attack can be launched…

  • CVE-2024-6014Jun 15, 2024
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical has been found in itsourcecode Document Management System 1.0. Affected is an unknown function of the file edithis.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit…

  • CVE-2024-5981Jun 14, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in itsourcecode Online House Rental System 1.0. It has been classified as critical. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely.…

  • CVE-2024-37831Jun 14, 2024
    risk 0.00cvss epss 0.00

    Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Injection in payroll_items.php via the ID parameter.

  • CVE-2024-37849Jun 13, 2024
    risk 0.00cvss epss 0.01

    A SQL Injection vulnerability in itsourcecode Billing System 1.0 allows a local attacker to execute arbitrary code in process.php via the username parameter.

  • CVE-2024-5898Jun 12, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in itsourcecode Payroll Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file print_payroll.php. The manipulation of the argument id leads to sql injection. The attack may be launched…

  • CVE-2024-5588Jun 2, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in itsourcecode Learning Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file processscore.php. The manipulation of the argument LessonID leads to sql injection. The attack can…

  • CVE-2024-5397May 27, 2024
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical was found in itsourcecode Online Student Enrollment System 1.0. Affected by this vulnerability is an unknown functionality of the file instructorSubjects.php. The manipulation of the argument instructorId leads to sql injection. The attack…

  • CVE-2024-5396May 27, 2024
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical has been found in itsourcecode Online Student Enrollment System 1.0. Affected is an unknown function of the file newfaculty.php. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The…

  • CVE-2024-5395May 27, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in itsourcecode Online Student Enrollment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file listofinstructor.php. The manipulation of the argument FullName leads to sql injection. The attack may be…

  • CVE-2024-5394May 27, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in itsourcecode Online Student Enrollment System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file newDept.php. The manipulation of the argument deptname leads to sql injection. The attack can be initiated…

  • CVE-2024-5393May 27, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in itsourcecode Online Student Enrollment System 1.0. It has been classified as critical. This affects an unknown part of the file listofcourse.php. The manipulation of the argument idno leads to sql injection. It is possible to initiate the attack…

  • CVE-2024-5392May 27, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in itsourcecode Online Student Enrollment System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file editSubject.php. The manipulation of the argument id leads to sql injection. The attack may be launched…

  • CVE-2024-5391May 27, 2024
    risk 0.00cvss epss 0.01

    A vulnerability has been found in itsourcecode Online Student Enrollment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file listofsubject.php. The manipulation of the argument subjcode leads to sql injection. The attack…

  • CVE-2024-5390May 27, 2024
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as critical, was found in itsourcecode Online Student Enrollment System 1.0. Affected is an unknown function of the file listofstudent.php. The manipulation of the argument lname leads to sql injection. It is possible to launch the attack…

  • CVE-2024-5381May 26, 2024
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical was found in itsourcecode Student Information Management System 1.0. Affected by this vulnerability is an unknown functionality of the file view.php. The manipulation of the argument studentId leads to sql injection. The attack can be…

  • CVE-2024-31610Apr 25, 2024
    risk 0.00cvss epss 0.00

    File Upload vulnerability in the function for employees to upload avatars in Code-Projects Simple School Management System v1.0 allows attackers to run arbitrary code via upload of crafted file.

  • CVE-2024-3347Apr 5, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in SourceCodester Airline Ticket Reservation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file activate_jet_details_form_handler.php. The manipulation of the argument jet_id leads to sql injection. The…

  • CVE-2023-48205Dec 7, 2023
    risk 0.00cvss epss 0.01

    Jorani Leave Management System 1.0.2 allows a remote attacker to spoof a Host header associated with password reset emails.

  • CVE-2023-46023Nov 14, 2023
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in addTask.php in Code-Projects Simple Task List 1.0 allows attackers to obtain sensitive information via the 'status' parameter.

  • CVE-2023-45540Oct 16, 2023
    risk 0.00cvss epss 0.01

    An issue in Jorani Leave Management System 1.0.3 allows a remote attacker to execute arbitrary HTML code via a crafted script to the comment field of the List of Leave requests page.

  • CVE-2023-34486Jun 29, 2023
    risk 0.00cvss epss 0.01

    itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to Cross Site Scripting (XSS). Remote code execution can be achieved by entering malicious code in the date selection box.

  • CVE-2023-34487Jun 29, 2023
    risk 0.00cvss epss 0.01

    itsourcecode Online Hotel Management System Project In PHP v1.0.0 is vulnerable to SQL Injection. SQL injection points exist in the login password input box. This vulnerability can be exploited through time-based blind injection.

  • CVE-2022-46503Jan 12, 2023
    risk 0.00cvss epss 0.00

    A cross-site scripting (XSS) vulnerability in the component /admin/register.php of Online Student Enrollment System v1.0 allows attackers to execute arbitrary web scripts via a crafted payload injected into the name parameter.

  • CVE-2022-47864Jan 11, 2023
    risk 0.00cvss epss 0.01

    Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeCategories.php.

  • CVE-2022-47866Jan 11, 2023
    risk 0.00cvss epss 0.01

    Lead management system v1.0 is vulnerable to SQL Injection via the id parameter in removeBrand.php.

  • CVE-2022-47861Jan 11, 2023
    risk 0.00cvss epss 0.01

    Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeLead.php.

  • CVE-2022-47862Jan 11, 2023
    risk 0.00cvss epss 0.01

    Lead Management System v1.0 is vulnerable to SQL Injection via the customer_id parameter in ajax_represent.php.

  • CVE-2022-47860Jan 11, 2023
    risk 0.00cvss epss 0.01

    Lead Management System v1.0 is vulnerable to SQL Injection via the id parameter in removeProduct.php.

  • CVE-2022-4855Dec 30, 2022
    risk 0.00cvss epss 0.26

    A vulnerability, which was classified as critical, was found in SourceCodester Lead Management System 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The…

  • CVE-2022-43228Oct 28, 2022
    risk 0.00cvss epss 0.01

    Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /clearance/clearance.php.

  • CVE-2022-35175Aug 18, 2022
    risk 0.00cvss epss 0.01

    Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /blotter/blotter.php.

  • CVE-2022-34557Jul 28, 2022
    risk 0.00cvss epss 0.01

    Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /pages/permit/permit.php.

  • CVE-2022-34580Jul 28, 2022
    risk 0.00cvss epss 0.00

    Advanced School Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the address parameter at ip/school/index.php.

  • CVE-2022-34594Jul 27, 2022
    risk 0.00cvss epss 0.00

    Advanced School Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component ip/school/moudel/update_subject.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the…

  • CVE-2022-34590Jul 20, 2022
    risk 0.00cvss epss 0.04

    Hospital Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in /HMS/admin.php.

  • CVE-2022-34586Jul 20, 2022
    risk 0.00cvss epss 0.01

    itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via the grade parameter at /school/view/student_grade_wise.php.

  • CVE-2022-34588Jul 20, 2022
    risk 0.00cvss epss 0.01

    itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via the grade parameter at /school/view/timetable_insert_form.php.

  • CVE-2022-34042Jul 20, 2022
    risk 0.00cvss epss 0.01

    Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /pages/household/household.php.

  • CVE-2022-32056Jul 7, 2022
    risk 0.00cvss epss 0.01

    Online Accreditation Management v1.0 was discovered to contain a SQL injection vulnerability via the USERNAME parameter at process.php.

  • CVE-2022-32370Jun 15, 2022
    risk 0.00cvss epss 0.01

    itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/get_classroom.php?id=.

Page 9 of 10