VYPR

Vendor CVEs

Janobe

All CVEs

155 total · sorted by risk
  • CVE-2025-10625MedSep 17, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was detected in SourceCodester Online Exam Form Submission 1.0. Affected by this vulnerability is an unknown functionality of the file /user/dashboard.php?page=update_profile. The manipulation of the argument phone results in sql injection. The attack may be…

  • CVE-2025-10602MedSep 17, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in SourceCodester Online Exam Form Submission 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/delete_s1.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely.…

  • CVE-2025-10595MedSep 17, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been found in SourceCodester Online Student File Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/delete_user.php. The manipulation of the argument user_id leads to sql injection. The attack can be initiated…

  • CVE-2025-10594MedSep 17, 2025
    risk 0.41cvss 6.3epss 0.00

    A flaw has been found in SourceCodester Online Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/delete_student.php. Executing manipulation of the argument stud_id can lead to sql injection. It is possible to launch…

  • CVE-2025-10593MedSep 17, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was detected in SourceCodester Online Student File Management System 1.0. Affected is an unknown function of the file /admin/update_student.php. Performing manipulation of the argument stud_id results in sql injection. It is possible to initiate the attack…

  • CVE-2025-10483MedSep 15, 2025
    risk 0.41cvss 6.3epss 0.00

    A flaw has been found in SourceCodester Online Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/save_user.php. This manipulation of the argument firstname causes sql injection. The attack is possible to be carried…

  • CVE-2025-10481MedSep 15, 2025
    risk 0.41cvss 6.3epss 0.00

    A security vulnerability has been detected in SourceCodester Online Student File Management System 1.0. This impacts an unknown function of the file /remove_file.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The…

  • CVE-2025-10480MedSep 15, 2025
    risk 0.41cvss 6.3epss 0.00

    A weakness has been identified in SourceCodester Online Student File Management System 1.0. This affects an unknown function of the file /save_file.php. Executing manipulation can lead to unrestricted upload. The attack may be launched remotely. The exploit has been made…

  • CVE-2023-2596MedMay 9, 2023
    risk 0.41cvss 6.3epss 0.01

    A vulnerability was found in SourceCodester Online Reviewer System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /reviewer/system/system/admins/manage/users/user-update.php of the component GET Parameter Handler. The…

  • CVE-2025-13210MedNov 15, 2025
    risk 0.31cvss 4.7epss 0.00

    A security vulnerability has been detected in itsourcecode Inventory Management System 1.0. This impacts an unknown function of the file /admin/products/index.php?view=add. Such manipulation of the argument PROMODEL leads to sql injection. The attack may be performed from…

  • CVE-2025-12932MedNov 10, 2025
    risk 0.31cvss 4.7epss 0.00

    A vulnerability was determined in SourceCodester Baby Care System 1.0. Affected by this issue is some unknown functionality of the file /admin.php?id=inbox. This manipulation of the argument msgid causes sql injection. The attack can be initiated remotely. The exploit has been…

  • CVE-2025-12294MedOct 27, 2025
    risk 0.31cvss 4.7epss 0.00

    A security flaw has been discovered in SourceCodester Point of Sales 1.0. Impacted is an unknown function of the file /delete_category.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been released to…

  • CVE-2026-1154MedJan 19, 2026
    risk 0.28cvss 4.3epss 0.00

    A flaw has been found in SourceCodester E-Learning System 1.0. This impacts an unknown function of the file /admin/modules/lesson/index.php of the component Lesson Module Handler. Executing a manipulation of the argument Title/Description can lead to basic cross site scripting.…

  • CVE-2026-2224LowFeb 9, 2026
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was detected in code-projects Online Reviewer System 1.0. This affects an unknown part of the file /system/system/admins/manage/users/btn_functions.php. The manipulation of the argument firstname results in cross site scripting. It is possible to launch the…

  • CVE-2025-13343LowNov 18, 2025
    risk 0.23cvss 3.5epss 0.00

    A security flaw has been discovered in SourceCodester Interview Management System 1.0. Affected is an unknown function of the file /editQuestion.php. The manipulation of the argument Question results in cross site scripting. It is possible to launch the attack remotely. The…

  • CVE-2026-36920LowApr 13, 2026
    risk 0.18cvss 2.7epss 0.00

    Sourcecodester Online Reviewer System v1.0 is vulnerable to SQL Injection in the file /system/system/admins/assessments/examproper/questions-view.php.

  • CVE-2026-36919LowApr 13, 2026
    risk 0.18cvss 2.7epss 0.00

    Sourcecodester Online Reviewer System v1.0 is vulnerale to SQL Injection in the file /system/system/admins/assessments/examproper/exam-update.php.

  • CVE-2026-4972LowMar 27, 2026
    risk 0.16cvss 2.4epss 0.00

    A security vulnerability has been detected in code-projects Online Reviewer System up to 1.0. Affected is an unknown function of the file /system/system/students/assessments/databank/btn_functions.php. Such manipulation of the argument Description leads to cross site scripting.…

  • CVE-2026-2222LowFeb 9, 2026
    risk 0.16cvss 2.4epss 0.00

    A weakness has been identified in code-projects Online Reviewer System 1.0. Affected by this vulnerability is an unknown functionality of the file /system/system/admins/manage/users/btn_functions.php. Executing a manipulation of the argument firstname can lead to cross site…

  • CVE-2021-3239Feb 15, 2021
    risk 0.05cvss epss 0.18

    E-Learning System 1.0 suffers from an unauthenticated SQL injection vulnerability, which allows remote attackers to execute arbitrary code on the hosting web server and gain a reverse shell.

  • CVE-2021-42669Nov 5, 2021
    risk 0.04cvss epss 0.23

    A file upload vulnerability exists in Sourcecodester Engineers Online Portal in PHP via dashboard_teacher.php, which allows changing the avatar through teacher_avatar.php. Once an avatar gets uploaded it is getting uploaded to the /admin/uploads/ directory, and is accessible by…

  • CVE-2021-42668Nov 5, 2021
    risk 0.02cvss epss 0.05

    A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter in the my_classmates.php web page.. As a result, an attacker can extract sensitive data from the web server and in some cases can use this vulnerability in order to get a…

  • CVE-2021-42666Nov 5, 2021
    risk 0.02cvss epss 0.04

    A SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the id parameter to quiz_question.php, which could let a malicious user extract sensitive data from the web server and in some cases use this vulnerability in order to get a remote code…

  • CVE-2021-42665Nov 5, 2021
    risk 0.02cvss epss 0.05

    An SQL Injection vulnerability exists in Sourcecodester Engineers Online Portal in PHP via the login form inside of index.php, which can allow an attacker to bypass authentication.

  • CVE-2020-10224Mar 8, 2020
    risk 0.01cvss epss 0.05

    An unauthenticated file upload vulnerability has been identified in admin_add.php in PHPGurukul Online Book Store 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command…

  • CVE-2024-9036Sep 20, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in itsourcecode Online Bookstore 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin_add.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The…

  • CVE-2024-6065Jun 17, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file index.php. The manipulation of the argument user_email leads to sql injection. The attack may be initiated remotely.…

  • CVE-2024-6013Jun 15, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in itsourcecode Online Book Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin_delete.php. The manipulation of the argument bookisbn leads to sql injection. The attack may be initiated remotely. The…

  • CVE-2024-6008Jun 15, 2024
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as critical, was found in itsourcecode Online Book Store up to 1.0. Affected is an unknown function of the file /edit_book.php. The manipulation of the argument image leads to sql injection. It is possible to launch the attack remotely. The…

  • CVE-2024-5984Jun 14, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in itsourcecode Online Bookstore 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file book.php. The manipulation of the argument bookisbn leads to sql injection. The attack may be launched remotely. The…

  • CVE-2024-5983Jun 14, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in itsourcecode Online Bookstore 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file bookPerPub.php. The manipulation of the argument pubid leads to sql injection. The attack can be launched…

  • CVE-2024-5745Jun 7, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/modules/product/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload. It…

  • CVE-2024-5636Jun 5, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file report/index.php. The manipulation of the argument procduct leads to sql injection. The attack may be…

  • CVE-2024-5635Jun 4, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument txtsearch leads to sql injection. The attack can be…

  • CVE-2024-0351Jan 9, 2024
    risk 0.00cvss epss 0.01

    A vulnerability classified as problematic has been found in SourceCodester Engineers Online Portal 1.0. This affects an unknown part. The manipulation leads to session fixiation. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The…

  • CVE-2024-0350Jan 9, 2024
    risk 0.00cvss epss 0.00

    A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is…

  • CVE-2024-0349Jan 9, 2024
    risk 0.00cvss epss 0.00

    A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to sensitive cookie without secure attribute. The attack can be launched remotely. The…

  • CVE-2024-0348Jan 9, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the component File Upload Handler. The manipulation leads to resource consumption. It is possible to launch the attack remotely. The…

  • CVE-2024-0347Jan 9, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file signup_teacher.php. The manipulation of the argument Password leads to weak password requirements. The attack may be…

  • CVE-2024-0260Jan 7, 2024
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as problematic, was found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file change_password_teacher.php of the component Password Change. The manipulation leads to session expiration. It is possible…

  • CVE-2024-0182Jan 1, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ of the component Admin Login. The manipulation of the argument username/password leads to sql injection.…

  • CVE-2023-7160Dec 29, 2023
    risk 0.00cvss epss 0.00

    A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Add Engineer Handler. The manipulation of the argument first name/last name with the input…

  • CVE-2023-7097Dec 25, 2023
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical has been found in code-projects Water Billing System 1.0. This affects an unknown part of the file /addbill.php. The manipulation of the argument owners_id leads to sql injection. It is possible to initiate the attack remotely. The exploit…

  • CVE-2023-6945Dec 19, 2023
    risk 0.00cvss epss 0.01

    A vulnerability has been found in SourceCodester Online Student Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file edit-student-detail.php. The manipulation of the argument notmsg leads to cross site…

  • CVE-2023-5284Sep 29, 2023
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical has been found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file upload_save_student.php. The manipulation of the argument uploaded_file leads to unrestricted upload. It is possible to launch the…

  • CVE-2023-5283Sep 29, 2023
    risk 0.00cvss epss 0.01

    A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file teacher_signup.php. The manipulation of the argument firstname/lastname leads to sql injection. The attack may be…

  • CVE-2023-5282Sep 29, 2023
    risk 0.00cvss epss 0.01

    A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as critical. This vulnerability affects unknown code of the file seed_message_student.php. The manipulation of the argument teacher_id leads to sql injection. The attack can be…

  • CVE-2023-5281Sep 29, 2023
    risk 0.00cvss epss 0.01

    A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been classified as critical. This affects an unknown part of the file remove_inbox_message.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack…

  • CVE-2023-5280Sep 29, 2023
    risk 0.00cvss epss 0.01

    A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file my_students.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely.…

  • CVE-2023-5279Sep 29, 2023
    risk 0.00cvss epss 0.01

    A vulnerability has been found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file my_classmates.php. The manipulation of the argument teacher_class_student_id leads to sql injection.…