Rickxy
Products
1- 12 CVEs
Recent CVEs
12| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-6602 | Hig | 0.47 | 7.3 | 0.00 | Apr 20, 2026 | A vulnerability was found in rickxy Hospital Management System up to 88a4290d957dc5bdde8a56e5ad451ad14f7f90f4. Affected is an unknown function of the file /backend/admin/his_admin_account.php. The manipulation of the argument ad_dpic results in unrestricted upload. The attack… | ||
| CVE-2025-14568 | Med | 0.41 | 6.3 | 0.00 | Dec 12, 2025 | A security vulnerability has been detected in haxxorsid Stock-Management-System up to fbbbf213e9c93b87183a3891f77e3cc7095f22b0. This impacts an unknown function of the file model/User.php. The manipulation of the argument employee_id/id/admin leads to sql injection. The attack… | ||
| CVE-2025-14567 | 0.00 | — | 0.01 | Dec 12, 2025 | A weakness has been identified in haxxorsid Stock-Management-System up to fbbbf213e9c93b87183a3891f77e3cc7095f22b0. This affects an unknown function of the file /api/employees. Executing manipulation can lead to missing authentication. It is possible to launch the attack… | |||
| CVE-2025-63497 | 0.00 | — | 0.00 | Nov 10, 2025 | The patient prescription viewing functionality in his_doc_view_single_patient.php of rickxy Hospital Management System version 1.0 contains an SQL injection vulnerability. The pat_number GET parameter is directly concatenated into SQL queries without proper sanitization,… | |||
| CVE-2022-4089 | 0.00 | — | 0.00 | Nov 24, 2022 | A vulnerability was found in rickxy Stock Management System. It has been declared as problematic. This vulnerability affects unknown code of the file /pages/processlogin.php. The manipulation of the argument user leads to cross site scripting. The attack can be initiated… | |||
| CVE-2022-4088 | 0.00 | — | 0.01 | Nov 24, 2022 | A vulnerability was found in rickxy Stock Management System and classified as critical. Affected by this issue is some unknown functionality of the file /pages/processlogin.php. The manipulation of the argument user/password leads to sql injection. The attack may be launched… | |||
| CVE-2022-4090 | 0.00 | — | 0.00 | Nov 24, 2022 | A vulnerability was found in rickxy Stock Management System and classified as problematic. This issue affects some unknown processing of the file us_transac.php?action=add. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit… | |||
| CVE-2021-44114 | 0.00 | — | 0.01 | Jan 31, 2022 | Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Stock Management System in PHP/OOP 1.0, which allows remote malicious users to execute arbitrary remote code execution via create user function. | |||
| CVE-2020-24198 | 0.00 | — | 0.01 | Sep 9, 2020 | A persistent cross-site scripting vulnerability in Sourcecodester Stock Management System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'Brand Name.' | |||
| CVE-2020-24197 | 0.00 | — | 0.01 | Sep 9, 2020 | A SQL injection vulnerability in the login component in Stock Management System v1.0 allows remote attacker to execute arbitrary SQL commands via the username parameter. | |||
| CVE-2020-23830 | 0.00 | — | 0.01 | Sep 2, 2020 | A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.php in SourceCodester Stock Management System v1.0 allows remote attackers to deny future logins by changing an authenticated victim's username when they visit a third-party site. | |||
| CVE-2020-23831 | 0.00 | — | 0.01 | Sep 1, 2020 | A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Stock Management System v1.0 allows remote attackers to harvest login credentials and session cookies when an unauthenticated victim clicks on a malicious URL and enters… |
- risk 0.47cvss 7.3epss 0.00
A vulnerability was found in rickxy Hospital Management System up to 88a4290d957dc5bdde8a56e5ad451ad14f7f90f4. Affected is an unknown function of the file /backend/admin/his_admin_account.php. The manipulation of the argument ad_dpic results in unrestricted upload. The attack…
- risk 0.41cvss 6.3epss 0.00
A security vulnerability has been detected in haxxorsid Stock-Management-System up to fbbbf213e9c93b87183a3891f77e3cc7095f22b0. This impacts an unknown function of the file model/User.php. The manipulation of the argument employee_id/id/admin leads to sql injection. The attack…
- CVE-2025-14567Dec 12, 2025risk 0.00cvss —epss 0.01
A weakness has been identified in haxxorsid Stock-Management-System up to fbbbf213e9c93b87183a3891f77e3cc7095f22b0. This affects an unknown function of the file /api/employees. Executing manipulation can lead to missing authentication. It is possible to launch the attack…
- CVE-2025-63497Nov 10, 2025risk 0.00cvss —epss 0.00
The patient prescription viewing functionality in his_doc_view_single_patient.php of rickxy Hospital Management System version 1.0 contains an SQL injection vulnerability. The pat_number GET parameter is directly concatenated into SQL queries without proper sanitization,…
- CVE-2022-4089Nov 24, 2022risk 0.00cvss —epss 0.00
A vulnerability was found in rickxy Stock Management System. It has been declared as problematic. This vulnerability affects unknown code of the file /pages/processlogin.php. The manipulation of the argument user leads to cross site scripting. The attack can be initiated…
- CVE-2022-4088Nov 24, 2022risk 0.00cvss —epss 0.01
A vulnerability was found in rickxy Stock Management System and classified as critical. Affected by this issue is some unknown functionality of the file /pages/processlogin.php. The manipulation of the argument user/password leads to sql injection. The attack may be launched…
- CVE-2022-4090Nov 24, 2022risk 0.00cvss —epss 0.00
A vulnerability was found in rickxy Stock Management System and classified as problematic. This issue affects some unknown processing of the file us_transac.php?action=add. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit…
- CVE-2021-44114Jan 31, 2022risk 0.00cvss —epss 0.01
Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Stock Management System in PHP/OOP 1.0, which allows remote malicious users to execute arbitrary remote code execution via create user function.
- CVE-2020-24198Sep 9, 2020risk 0.00cvss —epss 0.01
A persistent cross-site scripting vulnerability in Sourcecodester Stock Management System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'Brand Name.'
- CVE-2020-24197Sep 9, 2020risk 0.00cvss —epss 0.01
A SQL injection vulnerability in the login component in Stock Management System v1.0 allows remote attacker to execute arbitrary SQL commands via the username parameter.
- CVE-2020-23830Sep 2, 2020risk 0.00cvss —epss 0.01
A Cross-Site Request Forgery (CSRF) vulnerability in changeUsername.php in SourceCodester Stock Management System v1.0 allows remote attackers to deny future logins by changing an authenticated victim's username when they visit a third-party site.
- CVE-2020-23831Sep 1, 2020risk 0.00cvss —epss 0.01
A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Stock Management System v1.0 allows remote attackers to harvest login credentials and session cookies when an unauthenticated victim clicks on a malicious URL and enters…