Sourcecodester

All CVEs

1,696 total · sorted by risk
  • CVE-2026-5209 · Low · Mar 31, 2026
    risk 0.16 · cvss 2.4 · epss 0.00

    A security vulnerability has been detected in SourceCodester Leave Application System 1.0. Affected by this issue is some unknown functionality of the component User Management Handler. Such manipulation leads to cross site scripting. The attack may be launched remotely. The…

  • CVE-2025-7144 · Low · Jul 7, 2025
    risk 0.16 · cvss 2.4 · epss 0.00

    A vulnerability has been found in SourceCodester Best Salon Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /panel/admin-profile.php of the component Admin Profile Page. The manipulation of the argument Admin Name leads to…

  • CVE-2025-7143 · Low · Jul 7, 2025
    risk 0.16 · cvss 2.4 · epss 0.00

    A vulnerability, which was classified as problematic, was found in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /panel/edit-tax.php of the component Update Tax Page. The manipulation of the argument Tax Name leads to cross site…

  • CVE-2025-7142 · Low · Jul 7, 2025
    risk 0.16 · cvss 2.4 · epss 0.00

    A vulnerability, which was classified as problematic, has been found in SourceCodester Best Salon Management System 1.0. Affected by this issue is some unknown functionality of the file /panel/search-appointment.php. The manipulation leads to cross site scripting. The attack may…

  • CVE-2025-7141 · Low · Jul 7, 2025
    risk 0.16 · cvss 2.4 · epss 0.00

    A vulnerability classified as problematic was found in SourceCodester Best Salon Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /panel/edit_plan.php of the component Update Staff Page. The manipulation leads to cross site scripting.…

  • CVE-2025-7140 · Low · Jul 7, 2025
    risk 0.16 · cvss 2.4 · epss 0.00

    A vulnerability classified as problematic has been found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the file /panel/edit-staff.php of the component Update Staff Page. The manipulation of the argument Staff Name leads to cross site…

  • CVE-2025-7139 · Low · Jul 7, 2025
    risk 0.16 · cvss 2.4 · epss 0.00

    A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /panel/edit-customer-detailed.php of the component Update Customer Details Page. The manipulation of the…

  • CVE-2023-33440 · May 26, 2023
    risk 0.10 · cvss · epss 0.15

    Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user.

  • CVE-2022-40471 · Oct 31, 2022
    risk 0.10 · cvss · epss 0.19

    Remote Code Execution in Clinic's Patient Management System v 1.0 allows Attacker to Upload arbitrary php webshell via profile picture upload functionality in users.php

  • CVE-2022-40032 · Feb 17, 2023
    risk 0.08 · cvss · epss 0.21

    SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' and 'password' parameters, allows attackers to execute arbitrary code and gain sensitive information.

  • CVE-2022-2297 · Jul 12, 2022
    risk 0.08 · cvss · epss 0.03

    A vulnerability, which was classified as critical, was found in SourceCodester Clinics Patient Management System 2.0. Affected is an unknown function of the file /pms/update_user.php?user_id=1. The manipulation of the argument profile_picture with the input <?php phpinfo();?>…

  • CVE-2022-27927 · Apr 19, 2022
    risk 0.07 · cvss · epss 0.14

    A SQL injection vulnerability exists in Microfinance Management System 1.0 when MySQL is being used as the application database. An attacker can issue SQL commands to the MySQL database through the vulnerable course_code and/or customer_number parameter.

  • CVE-2024-24494 · Feb 8, 2024
    risk 0.06 · cvss · epss 0.26

    Cross Site Scripting vulnerability in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via the day, exercise, pray, read_book, vitamins, laundry, alcohol and meat parameters in the add-tracker.php and update-tracker.php components.

  • CVE-2023-2130 · Apr 17, 2023
    risk 0.06 · cvss · epss 0.04

    A vulnerability classified as critical has been found in SourceCodester Purchase Order Management System 1.0. Affected is an unknown function of the file /admin/suppliers/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql…

  • CVE-2022-2467 · Jul 19, 2022
    risk 0.06 · cvss · epss 0.03

    A vulnerability has been found in SourceCodester Garage Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument username with the input 1@a.com' AND (SELECT 6427 FROM…

  • CVE-2021-42667 · Nov 5, 2021
    risk 0.06 · cvss · epss 0.16

    A SQL Injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP in event-management/views. An attacker can leverage this vulnerability in order to manipulate the sql query performed. As a result he can extract sensitive data from the web…

  • CVE-2023-33584 · Jun 21, 2023
    risk 0.05 · cvss · epss 0.14

    Sourcecodester Enrollment System Project V1.0 is vulnerable to SQL Injection (SQLI) attacks, which allow an attacker to manipulate the SQL queries executed by the application. The application fails to properly validate user-supplied input in the username and password fields…

  • CVE-2021-43510 · Feb 1, 2022
    risk 0.05 · cvss · epss 0.08

    SQL Injection vulnerability exists in Sourcecodester Simple Client Management System 1.0 via the username field in login.php.

  • CVE-2023-33439 · May 26, 2023
    risk 0.04 · cvss · epss 0.03

    Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/manage_task.php?id=.

  • CVE-2024-34833 · Jun 17, 2024
    risk 0.03 · cvss · epss 0.02

    Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload. Users can upload images via the "save_settings" page. An unauthenticated attacker can leverage this functionality to upload a malicious PHP file instead. Successful exploitation of this vulnerability…

  • CVE-2024-27744 · Mar 1, 2024
    risk 0.03 · cvss · epss 0.01

    Cross Site Scripting vulnerability in Petrol Pump Management Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the image parameter in the profile.php component.

  • CVE-2023-34581 · Jun 12, 2023
    risk 0.03 · cvss · epss 0.03

    Sourcecodester Service Provider Management System v1.0 is vulnerable to SQL Injection via the ID parameter in /php-spms/?page=services/view&id=2

  • CVE-2023-3184 · Jun 9, 2023
    risk 0.03 · cvss · epss 0.02

    A vulnerability was found in SourceCodester Sales Tracker Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /classes/Users.php?f=save. The manipulation of the argument firstname/middlename/lastname/username…

  • CVE-2023-1826 · Apr 4, 2023
    risk 0.03 · cvss · epss 0.04

    A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file php-ocls\admin\system_info\index.php. The manipulation of the argument img leads to unrestricted upload. It is possible…

  • CVE-2023-0963 · Feb 22, 2023
    risk 0.03 · cvss · epss 0.05

    A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file Users.php of the component POST Request Handler. The manipulation leads to improper access controls. The attack may be…

  • CVE-2023-0962 · Feb 22, 2023
    risk 0.03 · cvss · epss 0.02

    A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been declared as critical. This vulnerability affects unknown code of the file Master.php of the component GET Request Handler. The manipulation of the argument id leads to sql injection. The attack can…

  • CVE-2023-0961 · Feb 22, 2023
    risk 0.03 · cvss · epss 0.02

    A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been classified as critical. This affects an unknown part of the file view_music_details.php of the component GET Request Handler. The manipulation of the argument id leads to sql injection. It is…

  • CVE-2023-0943 · Feb 21, 2023
    risk 0.03 · cvss · epss 0.02

    A vulnerability, which was classified as problematic, has been found in SourceCodester Best POS Management System 1.0. This issue affects the function save_settings of the file index.php?page=site_settings of the component Image Handler. The manipulation of the argument img with…

  • CVE-2023-0938 · Feb 21, 2023
    risk 0.03 · cvss · epss 0.02

    A vulnerability classified as critical has been found in SourceCodester Music Gallery Site 1.0. This affects an unknown part of the file music_list.php of the component GET Request Handler. The manipulation of the argument cid leads to sql injection. It is possible to initiate…

  • CVE-2023-0916 · Feb 19, 2023
    risk 0.03 · cvss · epss 0.03

    A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /adms/classes/Users.php. The manipulation leads to improper access controls. The attack can be launched…

  • CVE-2023-0915 · Feb 19, 2023
    risk 0.03 · cvss · epss 0.02

    A vulnerability classified as critical has been found in SourceCodester Auto Dealer Management System 1.0. Affected is an unknown function of the file /adms/admin/?page=user/manage_user. The manipulation of the argument id leads to sql injection. It is possible to launch the…

  • CVE-2023-0913 · Feb 18, 2023
    risk 0.03 · cvss · epss 0.02

    A vulnerability classified as critical was found in SourceCodester Auto Dealer Management System 1.0. This vulnerability affects unknown code of the file /adms/admin/?page=vehicles/sell_vehicle. The manipulation of the argument id leads to sql injection. The attack can be…

  • CVE-2023-0912 · Feb 18, 2023
    risk 0.03 · cvss · epss 0.02

    A vulnerability classified as critical has been found in SourceCodester Auto Dealer Management System 1.0. This affects an unknown part of the file /adms/admin/?page=vehicles/view_transaction. The manipulation of the argument id leads to sql injection. It is possible to initiate…

  • CVE-2023-0905 · Feb 18, 2023
    risk 0.03 · cvss · epss 0.03

    A vulnerability classified as critical has been found in SourceCodester Employee Task Management System 1.0. Affected is an unknown function of the file changePasswordForEmployee.php. The manipulation leads to improper authentication. It is possible to launch the attack…

  • CVE-2023-0904 · Feb 18, 2023
    risk 0.03 · cvss · epss 0.02

    A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file task-details.php. The manipulation of the argument task_id leads to sql injection. The attack may be initiated…

  • CVE-2022-41358 · Oct 20, 2022
    risk 0.03 · cvss · epss 0.03

    A stored cross-site scripting (XSS) vulnerability in Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the categoriesName parameter in createCategories.php.

  • CVE-2021-42580 · Nov 15, 2021
    risk 0.03 · cvss · epss 0.10

    Sourcecodester Online Learning System 2.0 is vulnerable to SQL injection authentication bypass in the admin login file (/admin/login.php) and authenticated file upload in the (Master.php) file; we can craft these two vulnerabilities to get unauthenticated remote command execution.

  • CVE-2021-40577 · Nov 8, 2021
    risk 0.03 · cvss · epss 0.02

    A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 in the Add-Users page via the Name parameter.

  • CVE-2021-42663 · Nov 5, 2021
    risk 0.03 · cvss · epss 0.04

    An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability in order to change the visibility of the website. Once the target…

  • CVE-2021-43140 · Nov 3, 2021
    risk 0.03 · cvss · epss 0.05

    SQL Injection vulnerability exists in Sourcecodester Simple Subscription Website 1.0 via the login.

  • CVE-2024-40110 · Jul 12, 2024
    risk 0.02 · cvss · epss 0.02

    Sourcecodester Poultry Farm Management System v1.0 contains an Unauthenticated Remote Code Execution (RCE) vulnerability via the productimage parameter at /farm/product.php.

  • CVE-2024-6043 · Jun 17, 2024
    risk 0.02 · cvss · epss 0.02

    A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects the function login of the file admin_class.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack…

  • CVE-2023-29623 · Apr 14, 2023
    risk 0.02 · cvss · epss 0.01

    Purchase Order Management v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the password parameter at /purchase_order/classes/login.php.

  • CVE-2021-44087 · Mar 17, 2022
    risk 0.02 · cvss · epss 0.05

    A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Attendance and Payroll System v1.0 which allows an unauthenticated remote attacker to upload a maliciously crafted PHP via photo upload.

  • CVE-2024-51030 · Nov 8, 2024
    risk 0.01 · cvss · epss 0.01

    A SQL injection vulnerability in manage_client.php and view_cab.php of Sourcecodester Cab Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter, leading to unauthorized access and potential compromise of sensitive data within the…

  • CVE-2024-48427 · Oct 24, 2024
    risk 0.01 · cvss · epss 0.01

    A SQL injection vulnerability in Sourcecodester Packers and Movers Management System v1.0 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in /mpms/admin/?page=services/manage_service&id

  • CVE-2024-24142 · Feb 13, 2024
    risk 0.01 · cvss · epss 0.01

    Sourcecodester School Task Manager 1.0 allows SQL Injection via the 'subject' parameter.

  • CVE-2024-24141 · Jan 29, 2024
    risk 0.01 · cvss · epss 0.01

    Sourcecodester School Task Manager App 1.0 allows SQL Injection via the 'task' parameter.

  • CVE-2024-24139 · Jan 29, 2024
    risk 0.01 · cvss · epss 0.01

    Sourcecodester Login System with Email Verification 1.0 allows SQL Injection via the 'user' parameter.

  • CVE-2023-50071 · Dec 29, 2023
    risk 0.01 · cvss · epss 0.14

    Sourcecodester Customer Support System 1.0 has multiple SQL injection vulnerabilities in /customer_support/ajax.php?action=save_department via id or name.
