VYPR

Vendor CVEs

Remyandrade

All CVEs

43 total · sorted by risk
  • CVE-2026-9603MedMay 26, 2026
    risk 0.42cvss 6.5epss 0.00

    A security vulnerability has been detected in SourceCodester eDoc Doctor Appointment System 1.0. This affects an unknown part of the file /admin/delete-session.php. The manipulation of the argument ID leads to missing authorization. Remote exploitation of the attack is possible.…

  • CVE-2026-3695MedMar 8, 2026
    risk 0.42cvss 6.5epss 0.01

    A vulnerability has been found in SourceCodester Modern Image Gallery App 1.0. Impacted is an unknown function of the file /delete.php. Such manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been…

  • CVE-2026-9484MedMay 25, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected by this vulnerability is the function getClassroomStudents/removeStudentFromClassroom of the file classroom.php. Executing a manipulation of the argument classroom_id can lead to…

  • CVE-2026-9483MedMay 25, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in SourceCodester Student Grades Management System 1.0. Affected is an unknown function of the file grades.php. Performing a manipulation of the argument student_id results in improper authorization. The attack may be initiated remotely. The exploit has…

  • CVE-2026-3163MedFeb 25, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been found in SourceCodester Website Link Extractor 1.0. This vulnerability affects the function file_get_contents of the component URL Handler. The manipulation leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit…

  • CVE-2025-14530MedDec 11, 2025
    risk 0.31cvss 4.7epss 0.00

    A vulnerability has been found in SourceCodester Real Estate Property Listing App 1.0. The impacted element is an unknown function of the file /admin/property.php. Such manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely.…

  • CVE-2026-9486MedMay 25, 2026
    risk 0.28cvss 4.3epss 0.00

    A security flaw has been discovered in SourceCodester Student Grades Management System 1.0. This affects an unknown part. The manipulation results in cross-site request forgery. The attack can be executed remotely. The exploit has been released to the public and may be used for…

  • CVE-2026-3302MedFeb 27, 2026
    risk 0.28cvss 4.3epss 0.00

    A weakness has been identified in SourceCodester Doctor Appointment System 1.0. Affected by this issue is some unknown functionality of the file /register.php of the component Sign Up Page. Executing a manipulation of the argument Email can lead to cross site scripting. The…

  • CVE-2026-3070MedFeb 24, 2026
    risk 0.28cvss 4.3epss 0.00

    A vulnerability was detected in SourceCodester Modern Image Gallery App 1.0. Affected by this vulnerability is an unknown functionality of the file upload.php. The manipulation of the argument filename results in cross site scripting. The attack may be launched remotely. The…

  • CVE-2026-9485LowMay 25, 2026
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was identified in SourceCodester Student Grades Management System 1.0. Affected by this issue is some unknown functionality of the file students.php. The manipulation of the argument Remarks leads to cross site scripting. Remote exploitation of the attack is…

  • CVE-2026-0580LowJan 5, 2026
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was found in SourceCodester API Key Manager App 1.0. Affected by this vulnerability is an unknown functionality of the component Import Key Handler. Performing a manipulation results in cross site scripting. The attack can be initiated remotely.

  • CVE-2025-13349LowNov 18, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability has been found in SourceCodester Student Grades Management System 1.0. This issue affects some unknown processing of the file /grades.php of the component Add New Grade Page. The manipulation of the argument Remarks leads to cross site scripting. Remote…

  • CVE-2025-12332LowOct 28, 2025
    risk 0.16cvss 2.4epss 0.00

    A flaw has been found in SourceCodester Student Grades Management System 1.0. This affects the function delete_user of the file /admin.php. Executing manipulation can lead to cross site scripting. The attack may be performed from remote. The exploit has been published and may be…

  • CVE-2025-11485LowOct 8, 2025
    risk 0.16cvss 2.4epss 0.00

    A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected is the function add_user of the file /admin.php of the component Manage Users Page. This manipulation of the argument first_name/last_name causes cross site scripting. The attack can…

  • CVE-2021-27320Mar 24, 2021
    risk 0.02cvss epss 0.09

    Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname parameter.

  • CVE-2025-70457Jan 23, 2026
    risk 0.00cvss epss 0.01

    A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 within the gallery/upload.php component. The application fails to properly validate uploaded file contents. Additionally, the application preserves the user-supplied file extension…

  • CVE-2025-66918Dec 11, 2025
    risk 0.00cvss epss 0.00

    edoc-doctor-appointment-system v1.0.1 is vulnerable to Cross Site Scripting (XSS) in admin/add-session.php via the "title" parameter.

  • CVE-2025-64070Dec 2, 2025
    risk 0.00cvss epss 0.00

    Sourcecodester Student Grades Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the Add New Subject Description field.

  • CVE-2025-65358Dec 2, 2025
    risk 0.00cvss epss 0.00

    Edoc-doctor-appointment-system v1.0.1 was discovered to contain SQl injection vulnerability via the 'docid' parameter at /admin/appointment.php.

  • CVE-2025-63892Nov 18, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was determined in SourceCodester Student Grades Management System 1.0. Affected is the function create_classroom of the file /classroom.php of the component My Classrooms Management Page. This manipulation of the argument name/description causes stored cross site…

  • CVE-2025-9553Oct 10, 2025
    risk 0.00cvss epss 0.00

    Vulnerability in Drupal API Key manager.This issue affects API Key manager: *.*.

  • CVE-2025-45805Sep 3, 2025
    risk 0.00cvss epss 0.00

    In phpgurukul Doctor Appointment Management System 1.0, an authenticated doctor user can inject arbitrary JavaScript code into their profile name. This payload is subsequently rendered without proper sanitization, when a user visits the website and selects the doctor to book an…

  • CVE-2025-50493Jul 28, 2025
    risk 0.00cvss epss 0.00

    Improper session invalidation in the component /doctor/change-password.php of PHPGurukul Doctor Appointment Management System v1 allows attackers to execute a session hijacking attack.

  • CVE-2025-2649Mar 23, 2025
    risk 0.00cvss epss 0.00

    A vulnerability classified as critical was found in PHPGurukul Doctor Appointment Management System 1.0. This vulnerability affects unknown code of the file /check-appointment.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated…

  • CVE-2025-2640Mar 23, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in PHPGurukul Doctor Appointment Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /doctor/appointment-bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql…

  • CVE-2025-2383Mar 17, 2025
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as critical, has been found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this issue is some unknown functionality of the file /doctor/search.php. The manipulation of the argument searchdata leads to sql injection. The…

  • CVE-2024-48807Oct 30, 2024
    risk 0.00cvss epss 0.00

    Cross Site Scripting vulnerability in PHPGurukul Doctor Appointment Management System v.1.0 allows a local attacker to execute arbitrary code via the search parameter.

  • CVE-2024-4294Apr 27, 2024
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as critical, has been found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this issue is some unknown functionality of the file /doctor/view-appointment-detail.php. The manipulation of the argument editid leads to…

  • CVE-2024-4293Apr 27, 2024
    risk 0.00cvss epss 0.01

    A vulnerability classified as problematic was found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file appointment-bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to…

  • CVE-2023-40945Sep 11, 2023
    risk 0.00cvss epss 0.01

    Sourcecodester Doctor Appointment System 1.0 is vulnerable to SQL Injection in the variable $userid at doctors\myDetails.php.

  • CVE-2023-4219Aug 8, 2023
    risk 0.00cvss epss 0.01

    A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument useremail leads to sql injection. The attack can be…

  • CVE-2023-1063Feb 27, 2023
    risk 0.00cvss epss 0.01

    A vulnerability has been found in SourceCodester Doctors Appointment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/patient.php of the component Parameter Handler. The manipulation of the argument search leads…

  • CVE-2023-1062Feb 27, 2023
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as critical, was found in SourceCodester Doctors Appointment System 1.0. Affected is an unknown function of the file /admin/add-new.php of the component Parameter Handler. The manipulation of the argument email leads to sql injection. It is…

  • CVE-2023-1061Feb 27, 2023
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as critical, has been found in SourceCodester Doctors Appointment System 1.0. This issue affects some unknown processing of the file /admin/edit-doc.php. The manipulation of the argument email/oldmail leads to sql injection. The attack may…

  • CVE-2023-1059Feb 27, 2023
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical was found in SourceCodester Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/doctors.php of the component Parameter Handler. The manipulation of the argument search/id leads to sql injection. The…

  • CVE-2023-1058Feb 27, 2023
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical has been found in SourceCodester Doctors Appointment System 1.0. This affects an unknown part of the file create-account.php. The manipulation of the argument newemail leads to sql injection. It is possible to initiate the attack remotely.…

  • CVE-2023-1057Feb 27, 2023
    risk 0.00cvss epss 0.01

    A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been rated as critical. Affected by this issue is the function edoc of the file login.php. The manipulation of the argument usermail leads to sql injection. VDB-221822 is the identifier assigned…

  • CVE-2023-1056Feb 27, 2023
    risk 0.00cvss epss 0.01

    A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /edoc/doctor/patient.php. The manipulation of the argument search12 leads to sql injection. The…

  • CVE-2022-46128Jan 25, 2023
    risk 0.00cvss epss 0.00

    phpgurukul Doctor Appointment Management System V 1.0.0 is vulnerable to Cross Site Scripting (XSS) via searchdata=.

  • CVE-2022-45730Jan 25, 2023
    risk 0.00cvss epss 0.01

    A cross-site scripting (XSS) vulnerability in Doctor Appointment Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search function.

  • CVE-2022-36201Aug 31, 2022
    risk 0.00cvss epss 0.02

    Doctor’s Appointment System v1.0 is vulnerable to Blind SQLi via settings.php.

  • CVE-2022-36202Aug 31, 2022
    risk 0.00cvss epss 0.01

    Doctor's Appointment System1.0 is vulnerable to Incorrect Access Control via edoc/patient/settings.php. The settings.php is affected by Broken Access Control (IDOR) via id= parameter.

  • CVE-2022-28568May 4, 2022
    risk 0.00cvss epss 0.04

    Sourcecodester Doctor's Appointment System 1.0 is vulnerable to File Upload to RCE via Image upload from the administrator panel. An attacker can obtain remote command execution just by knowing the path where the images are stored.