Vendor CVEs
Sourcecodester
All CVEs
1,696 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2021-41658 | 0.00 | — | 0.01 | Jan 24, 2022 | Cross Site Scripting (XSS) in Sourcecodester Student Quarterly Grading System by oretnom23, allows attackers to execute arbitrary code via the fullname and username parameters to the users page. |
| CVE-2021-41471 | 0.00 | — | 0.01 | Jan 24, 2022 | SQL injection vulnerability in Sourcecodester South Gate Inn Online Reservation System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the email and Password parameters. |
| CVE-2021-40907 | 0.00 | — | 0.01 | Jan 24, 2022 | SQL injection vulnerability in Sourcecodester Storage Unit Rental Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /storage/classes/Login.php. |
| CVE-2021-40596 | 0.00 | — | 0.01 | Jan 24, 2022 | SQL injection vulnerability in Login.php in sourcecodester Online Learning System v2 by oretnom23, allows attackers to execute arbitrary SQL commands via the faculty_id parameter. |
| CVE-2022-22296 | 0.00 | — | 0.01 | Jan 24, 2022 | Sourcecodester Hospital's Patient Records Management System 1.0 is vulnerable to Insecure Permissions via the id parameter in manage_user endpoint. Simply change the value and data of other users can be displayed. |
| CVE-2021-40595 | 0.00 | — | 0.01 | Jan 21, 2022 | SQL injection vulnerability in Sourcecodester Online Leave Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /leave_system/classes/Login.php. |
| CVE-2021-46309 | 0.00 | — | 0.02 | Jan 21, 2022 | An SQL Injection vulnerability exists in Sourcecodester Employee and Visitor Gate Pass Logging System 1.0 via the username parameter. |
| CVE-2021-46308 | 0.00 | — | 0.02 | Jan 21, 2022 | An SQL Injection vulnerability exists in Sourcecodester Online Railway Reservation System 1.0 via the sid parameter. |
| CVE-2021-46201 | 0.00 | — | 0.02 | Jan 21, 2022 | An SQL Injection vulnerability exists in Sourcecodester Online Resort Management System 1.0 via the id parameter in /orms/ node. |
| CVE-2021-46200 | 0.00 | — | 0.02 | Jan 21, 2022 | An SQL Injection vulnerability exists in Sourcecodester Simple Music Clour Community System 1.0 via the email parameter in /music/ajax.php. |
| CVE-2021-44244 | 0.00 | — | 0.01 | Jan 20, 2022 | An SQL Injection vulnerability exists in Sourcecodester Logistic Hub Parcel's Management System 1.0 via the username parameter in login.php. |
| CVE-2021-44091 | 0.00 | — | 0.01 | Jan 20, 2022 | A Cross-Site Scripting (XSS) vulnerability exists in Sourcecodester Multi Restaurant Table Reservation System 1.0 in register.php via the (1) fullname, (2) phone, and (3) address parameters. |
| CVE-2021-45411 | 0.00 | — | 0.04 | Jan 12, 2022 | In Sourcecodester Printable Staff ID Card Creator System 1.0 after compromising the database via SQLi, an attacker can log in and leverage an arbitrary file upload vulnerability to obtain remote code execution. |
| CVE-2021-45334 | 0.00 | — | 0.03 | Jan 9, 2022 | Sourcecodester Online Thesis Archiving System 1.0 is vulnerable to SQL Injection. An attacker can bypass admin authentication and gain access to admin panel using SQL Injection. |
| CVE-2021-40260 | 0.00 | — | 0.01 | Nov 8, 2021 | Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCodester Tailor Management 1.0 via the (1) eid parameter in (a) partedit.php and (b) customeredit.php, the (2) id parameter in (a) editmeasurement.php and (b) addpayment.php, and the (3) error parameter in… |
| CVE-2021-42662 | 0.00 | — | 0.02 | Nov 5, 2021 | A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday reason parameter. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf,… |
| CVE-2021-41492 | 0.00 | — | 0.02 | Nov 3, 2021 | Multiple SQL Injection vulnerabilities exist in Sourcecodester Simple Cashiering System (POS) 1.0 via the (1) Product Code in the pos page in cashiering. (2) id parameter in manage_products and the (3) t parameter in actions.php. |
| CVE-2021-43141 | 0.00 | — | 0.01 | Nov 3, 2021 | Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Simple Subscription Website 1.0 via the id parameter in plan_application. |
| CVE-2021-41676 | 0.00 | — | 0.01 | Oct 29, 2021 | An SQL Injection vulnerability exists in the oretnom23 Pharmacy Point of Sale System 1.0 in the login function in actions.php. |
| CVE-2021-41728 | 0.00 | — | 0.01 | Oct 28, 2021 | Cross Site Scripting (XSS) vulnerability exists in Sourcecodester News247 CMS 1.0 via the search function in articles. |
| CVE-2021-38840 | 0.00 | — | 0.02 | Sep 7, 2021 | SQL Injection can occur in Simple Water Refilling Station Management System 1.0 via the water_refilling/classes/Login.php username parameter. |
| CVE-2021-38752 | 0.00 | — | 0.01 | Aug 16, 2021 | A cross-site scripting (XSS) vulnerability in Online Catering Reservation System using PHP on Sourcecodester allows an attacker to arbitrarily inject code in the search bar. |
| CVE-2021-36623 | 0.00 | — | 0.02 | Aug 3, 2021 | Arbitrary File Upload in Sourcecodester Phone Shop Sales Management System 1.0 enables RCE. |
| CVE-2021-36624 | 0.00 | — | 0.03 | Jul 29, 2021 | Sourcecodester Phone Shop Sales Managements System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. |
| CVE-2021-34166 | 0.00 | — | 0.03 | Jul 28, 2021 | A SQL INJECTION vulnerability in Sourcecodester Simple Food Website 1.0 allows a remote attacker to Bypass Authentication and become Admin. |
| CVE-2021-34165 | 0.00 | — | 0.03 | Jul 28, 2021 | A SQL Injection vulnerability in Sourcecodester Basic Shopping Cart 1.0 allows a remote attacker to Bypass Authentication and become Admin. |
| CVE-2021-25206 | 0.00 | — | 0.02 | Jul 23, 2021 | Arbitrary file upload vulnerability in SourceCodester Responsive Ordering System v 1.0 allows attackers to execute arbitrary code via the file upload to Product_model.php. |
| CVE-2021-26224 | 0.00 | — | 0.01 | Jul 22, 2021 | Cross-site scripting (XSS) vulnerability in SourceCodester Fantastic-Blog-CMS V 1.0 allows remote attackers to inject arbitrary web script or HTML via the search field to search.php. |
| CVE-2021-26232 | 0.00 | — | 0.03 | Jul 22, 2021 | SQL injection vulnerability in SourceCodester Simple College Website v 1.0 allows remote attackers to execute arbitrary SQL statements via the id parameter to news.php. |
| CVE-2021-26231 | 0.00 | — | 0.02 | Jul 22, 2021 | SQL injection vulnerability in SourceCodester Fantastic Blog CMS v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to category.php. |
| CVE-2021-35337 | 0.00 | — | 0.01 | Jul 1, 2021 | Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). Any attacker will be able to see the invoices of different users by changing the id parameter. |
| CVE-2020-25362 | 0.00 | — | 0.02 | Jun 2, 2021 | The id parameter in Online Shopping Alphaware 1.0 has been discovered to be vulnerable to an Error-Based blind SQL injection in the /alphaware/details.php path. This allows an attacker to retrieve all databases. |
| CVE-2021-29388 | 0.00 | — | 0.00 | Apr 28, 2021 | A stored cross-site scripting (XSS) vulnerability in SourceCodester Budget Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php via vulnerable field 'Budget Title'. |
| CVE-2020-28173 | 0.00 | — | 0.03 | Mar 31, 2021 | Simple College Website 1.0 allows a user to conduct remote code execution via /alumni/admin/ajax.php?action=save_settings when uploading a malicious file using the image upload functionality, which is stored in /alumni/admin/assets/uploads/. |
| CVE-2020-28074 | 0.00 | — | 0.02 | Dec 23, 2020 | SourceCodester Online Health Care System 1.0 is affected by SQL Injection which allows a potential attacker to bypass the authentication system and become an admin. |
| CVE-2020-25889 | 0.00 | — | 0.03 | Dec 8, 2020 | Online Bus Booking System Project Using PHP/MySQL version 1.0 has SQL injection via the login page. By placing SQL injection payload on the login page attackers can bypass the authentication and can gain the admin privilege. |
| CVE-2020-28140 | 0.00 | — | 0.02 | Nov 17, 2020 | SourceCodester Online Clothing Store 1.0 is affected by an arbitrary file upload via the image upload feature of Products.php. |
| CVE-2020-28139 | 0.00 | — | 0.01 | Nov 17, 2020 | SourceCodester Online Clothing Store 1.0 is affected by a cross-site scripting (XSS) vulnerability via an Offer Detail field in offer.php. |
| CVE-2020-28138 | 0.00 | — | 0.02 | Nov 17, 2020 | SourceCodester Online Clothing Store 1.0 is affected by a SQL Injection via the txtUserName parameter to login.php. |
| CVE-2020-24194 | 0.00 | — | 0.01 | Sep 9, 2020 | A Cross-site scripting (XSS) vulnerability in 'user-profile.php' in SourceCodester Daily Tracker System v1.0 allows remote attackers to inject arbitrary web script or HTML via the 'fullname' parameter. |
| CVE-2020-24193 | 0.00 | — | 0.03 | Sep 3, 2020 | A SQL injection vulnerability in login in Sourcecodester Daily Tracker System 1.0 allows unauthenticated user to execute authentication bypass with SQL injection via the email parameter. |
| CVE-2020-24208 | 0.00 | — | 0.03 | Aug 17, 2020 | A SQL injection vulnerability in SourceCodester Online Shopping Alphaware 1.0 allows remote unauthenticated attackers to bypass the authentication process via email and password parameters. |
| CVE-2020-14972 | 0.00 | — | 0.05 | Jun 22, 2020 | Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online E-Learning System 1.0 allow remote unauthenticated attackers to bypass authentication and achieve Remote Code Execution (RCE) via the user_email, user_pass, and id parameters on the admin login-portal and the… |
| CVE-2019-18344 | 0.00 | — | 0.01 | Oct 23, 2019 | Sourcecodester Online Grading System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the student, instructor, department, room, class, or user page (id or classid parameter). |
| CVE-2019-18280 | 0.00 | — | 0.00 | Oct 23, 2019 | Sourcecodester Online Grading System 1.0 is affected by a Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code via a crafted HTML page, as demonstrated by a Create User… |
| CVE-2018-18757 | 0.00 | — | 0.02 | Jun 19, 2019 | Open Faculty Evaluation System 5.6 for PHP 5.6 allows submit_feedback.php SQL Injection, a different vulnerability than CVE-2018-18758. |
Page 34 of 34