Vendor CVEs
Sourcecodester
All CVEs
1,696 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-5209 | | Low | 0.16 | 2.4 | 0.00 | | Mar 31, 2026 | A security vulnerability has been detected in SourceCodester Leave Application System 1.0. Affected by this issue is some unknown functionality of the component User Management Handler. Such manipulation leads to cross site scripting. The attack may be launched remotely. The… |
| CVE-2025-7144 | | Low | 0.16 | 2.4 | 0.00 | | Jul 7, 2025 | A vulnerability has been found in SourceCodester Best Salon Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /panel/admin-profile.php of the component Admin Profile Page. The manipulation of the argument Admin Name leads to… |
| CVE-2025-7143 | | Low | 0.16 | 2.4 | 0.00 | | Jul 7, 2025 | A vulnerability, which was classified as problematic, was found in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /panel/edit-tax.php of the component Update Tax Page. The manipulation of the argument Tax Name leads to cross site… |
| CVE-2025-7142 | | Low | 0.16 | 2.4 | 0.00 | | Jul 7, 2025 | A vulnerability, which was classified as problematic, has been found in SourceCodester Best Salon Management System 1.0. Affected by this issue is some unknown functionality of the file /panel/search-appointment.php. The manipulation leads to cross site scripting. The attack may… |
| CVE-2025-7141 | | Low | 0.16 | 2.4 | 0.00 | | Jul 7, 2025 | A vulnerability classified as problematic was found in SourceCodester Best Salon Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /panel/edit_plan.php of the component Update Staff Page. The manipulation leads to cross site scripting.… |
| CVE-2025-7140 | | Low | 0.16 | 2.4 | 0.00 | | Jul 7, 2025 | A vulnerability classified as problematic has been found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the file /panel/edit-staff.php of the component Update Staff Page. The manipulation of the argument Staff Name leads to cross site… |
| CVE-2025-7139 | | Low | 0.16 | 2.4 | 0.00 | | Jul 7, 2025 | A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /panel/edit-customer-detailed.php of the component Update Customer Details Page. The manipulation of the… |
| CVE-2023-33440 | | | 0.10 | — | 0.15 | | May 26, 2023 | Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user. |
| CVE-2022-40471 | | | 0.10 | — | 0.19 | | Oct 31, 2022 | Remote Code Execution in Clinic's Patient Management System v 1.0 allows Attacker to Upload arbitrary php webshell via profile picture upload functionality in users.php |
| CVE-2022-40032 | | | 0.08 | — | 0.21 | | Feb 17, 2023 | SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' and 'password' parameters, allows attackers to execute arbitrary code and gain sensitive information. |
| CVE-2022-2297 | | | 0.08 | — | 0.03 | | Jul 12, 2022 | A vulnerability, which was classified as critical, was found in SourceCodester Clinics Patient Management System 2.0. Affected is an unknown function of the file /pms/update_user.php?user_id=1. The manipulation of the argument profile_picture with the input <?php phpinfo();?>… |
| CVE-2022-27927 | | | 0.07 | — | 0.14 | | Apr 19, 2022 | A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable course_code and/or customer_number parameter. |
| CVE-2024-24494 | | | 0.06 | — | 0.26 | | Feb 8, 2024 | Cross Site Scripting vulnerability in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via the day, exercise, pray, read_book, vitamins, laundry, alcohol and meat parameters in the add-tracker.php and update-tracker.php components. |
| CVE-2023-2130 | | | 0.06 | — | 0.04 | | Apr 17, 2023 | A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. Affected is an unknown function of the file /admin/suppliers/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql… |
| CVE-2022-2467 | | | 0.06 | — | 0.03 | | Jul 19, 2022 | A vulnerability has been found in SourceCodester Garage Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument username with the input 1@a.com' AND (SELECT 6427 FROM… |
| CVE-2021-42667 | | | 0.06 | — | 0.16 | | Nov 5, 2021 | A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. An attacker can leverage this vulnerability in order to manipulate the sql query performed. As a result he can extract sensitive data from the web… |
| CVE-2023-33584 | | | 0.05 | — | 0.14 | | Jun 21, 2023 | Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the username and password fields… |
| CVE-2021-43510 | | | 0.05 | — | 0.08 | | Feb 1, 2022 | SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the username field in login.php. |
| CVE-2023-33439 | | | 0.04 | — | 0.03 | | May 26, 2023 | Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_task.php?id=. |
| CVE-2024-34833 | | | 0.03 | — | 0.02 | | Jun 17, 2024 | Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload. Users can upload images via the "save_settings" page. An unauthenticated attacker can leverage this functionality to upload a malicious PHP file instead. Successful exploitation of this vulnerability… |
| CVE-2024-27744 | | | 0.03 | — | 0.01 | | Mar 1, 2024 | Cross Site Scripting vulnerability in Petrol Pump Management Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the image parameter in the profile.php component. |
| CVE-2023-34581 | | | 0.03 | — | 0.03 | | Jun 12, 2023 | Sourcecodester Service Provider Management System v1.0 is vulnerable to SQL Injection via the ID parameter in /php-spms/?page=services/view&id=2 |
| CVE-2023-3184 | | | 0.03 | — | 0.02 | | Jun 9, 2023 | A vulnerability was found in SourceCodester Sales Tracker Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=save. The manipulation of the argument firstname/middlename/lastname/username… |
| CVE-2023-1826 | | | 0.03 | — | 0.04 | | Apr 4, 2023 | A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file php-ocls\admin\system_info\index.php. The manipulation of the argument img leads to unrestricted upload. It is possible… |
| CVE-2023-0963 | | | 0.03 | — | 0.05 | | Feb 22, 2023 | A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file Users.php of the component POST Request Handler. The manipulation leads to improper access controls. The attack may be… |
| CVE-2023-0962 | | | 0.03 | — | 0.02 | | Feb 22, 2023 | A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been declared as critical. This vulnerability affects unknown code of the file Master.php of the component GET Request Handler. The manipulation of the argument id leads to sql injection. The attack can… |
| CVE-2023-0961 | | | 0.03 | — | 0.02 | | Feb 22, 2023 | A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been classified as critical. This affects an unknown part of the file view_music_details.php of the component GET Request Handler. The manipulation of the argument id leads to sql injection. It is… |
| CVE-2023-0943 | | | 0.03 | — | 0.02 | | Feb 21, 2023 | A vulnerability, which was classified as problematic, has been found in SourceCodester Best POS Management System 1.0. This issue affects the function save_settings of the file index.php?page=site_settings of the component Image Handler. The manipulation of the argument img with… |
| CVE-2023-0938 | | | 0.03 | — | 0.02 | | Feb 21, 2023 | A vulnerability classified as critical has been found in SourceCodester Music Gallery Site 1.0. This affects an unknown part of the file music_list.php of the component GET Request Handler. The manipulation of the argument cid leads to sql injection. It is possible to initiate… |
| CVE-2023-0916 | | | 0.03 | — | 0.03 | | Feb 19, 2023 | A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /adms/classes/Users.php. The manipulation leads to improper access controls. The attack can be launched… |
| CVE-2023-0915 | | | 0.03 | — | 0.02 | | Feb 19, 2023 | A vulnerability classified as critical has been found in SourceCodester Auto Dealer Management System 1.0. Affected is an unknown function of the file /adms/admin/?page=user/manage_user. The manipulation of the argument id leads to sql injection. It is possible to launch the… |
| CVE-2023-0913 | | | 0.03 | — | 0.02 | | Feb 18, 2023 | A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0. This vulnerability affects unknown code of the file /adms/admin/?page=vehicles/sell_vehicle. The manipulation of the argument id leads to sql injection. The attack can be… |
| CVE-2023-0912 | | | 0.03 | — | 0.02 | | Feb 18, 2023 | A vulnerability classified as critical has been found in SourceCodester Auto Dealer Management System 1.0. This affects an unknown part of the file /adms/admin/?page=vehicles/view_transaction. The manipulation of the argument id leads to sql injection. It is possible to initiate… |
| CVE-2023-0905 | | | 0.03 | — | 0.03 | | Feb 18, 2023 | A vulnerability classified as critical has been found in SourceCodester Employee Task Management System 1.0. Affected is an unknown function of the file changePasswordForEmployee.php. The manipulation leads to improper authentication. It is possible to launch the attack… |
| CVE-2023-0904 | | | 0.03 | — | 0.02 | | Feb 18, 2023 | A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file task-details.php. The manipulation of the argument task_id leads to sql injection. The attack may be initiated… |
| CVE-2022-41358 | | | 0.03 | — | 0.03 | | Oct 20, 2022 | A stored cross-site scripting (XSS) vulnerability in Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the categoriesName parameter in createCategories.php. |
| CVE-2021-42580 | | | 0.03 | — | 0.10 | | Nov 15, 2021 | Sourcecodester Online Learning System 2.0 is vulnerable to sql injection authentication bypass in admin login file (/admin/login.php) and authenticated file upload in (Master.php) file, we can craft these two vulnerabilities to get unauthenticated remote command execution. |
| CVE-2021-40577 | | | 0.03 | — | 0.02 | | Nov 8, 2021 | A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 in the Add-Users page via the Name parameter. |
| CVE-2021-42663 | | | 0.03 | — | 0.04 | | Nov 5, 2021 | An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability in order to change the visibility of the website. Once the target… |
| CVE-2021-43140 | | | 0.03 | — | 0.05 | | Nov 3, 2021 | SQL Injection vulnerability exists in Sourcecodester Simple Subscription Website 1.0 via the login. |
| CVE-2024-40110 | | | 0.02 | — | 0.02 | | Jul 12, 2024 | Sourcecodester Poultry Farm Management System v1.0 contains an Unauthenticated Remote Code Execution (RCE) vulnerability via the productimage parameter at /farm/product.php. |
| CVE-2024-6043 | | | 0.02 | — | 0.02 | | Jun 17, 2024 | A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects the function login of the file admin_class.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack… |
| CVE-2023-29623 | | | 0.02 | — | 0.01 | | Apr 14, 2023 | Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the password parameter at /purchase_order/classes/login.php. |
| CVE-2021-44087 | | | 0.02 | — | 0.05 | | Mar 17, 2022 | A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows an unauthenticated remote attacker to upload a maliciously crafted PHP via photo upload. |
| CVE-2024-51030 | | | 0.01 | — | 0.01 | | Nov 8, 2024 | A SQL injection vulnerability in manage_client.php and view_cab.php of Sourcecodester Cab Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter, leading to unauthorized access and potential compromise of sensitive data within the… |
| CVE-2024-48427 | | | 0.01 | — | 0.01 | | Oct 24, 2024 | A SQL injection vulnerability in Sourcecodester Packers and Movers Management System v1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in /mpms/admin/?page=services/manage_service&id |
| CVE-2024-24142 | | | 0.01 | — | 0.01 | | Feb 13, 2024 | Sourcecodester School Task Manager 1.0 allows SQL Injection via the 'subject' parameter. |
| CVE-2024-24141 | | | 0.01 | — | 0.01 | | Jan 29, 2024 | Sourcecodester School Task Manager App 1.0 allows SQL Injection via the 'task' parameter. |
| CVE-2024-24139 | | | 0.01 | — | 0.01 | | Jan 29, 2024 | Sourcecodester Login System with Email Verification 1.0 allows SQL Injection via the 'user' parameter. |
| CVE-2023-50071 | | | 0.01 | — | 0.14 | | Dec 29, 2023 | Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_department via id or name. |