Vendor CVEs
Sourcecodester
All CVEs
1,696 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-29622 | 0.01 | — | 0.02 | Apr 14, 2023 | Purchase Order Management v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /purchase_order/admin/login.php. | |||
| CVE-2022-28021 | 0.01 | — | 0.25 | Apr 21, 2022 | Purchase Order Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /purchase_order/admin/?page=user. | |||
| CVE-2022-28022 | 0.01 | — | 0.03 | Apr 21, 2022 | Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchase_order/classes/Master.php?f=delete_item. | |||
| CVE-2022-28023 | 0.01 | — | 0.03 | Apr 21, 2022 | Purchase Order Management System v1.0 was discovered to contain a SQL injection vulnerability via /purchase_order/classes/Master.php?f=delete_supplier. | |||
| CVE-2021-40908 | 0.01 | — | 0.03 | Jan 24, 2022 | SQL injection vulnerability in Login.php in Sourcecodester Purchase Order Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter. | |||
| CVE-2021-40247 | 0.01 | — | 0.03 | Jan 21, 2022 | SQL injection vulnerability in Sourcecodester Budget and Expense Tracker System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username field. | |||
| CVE-2021-44593 | 0.01 | — | 0.04 | Jan 21, 2022 | Simple College Website 1.0 is vulnerable to unauthenticated file upload & remote code execution via UNION-based SQL injection in the username parameter on /admin/login.php. | |||
| CVE-2021-46005 | 0.01 | — | 0.03 | Jan 18, 2022 | Sourcecodester Car Rental Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via vehicalorcview parameter. | |||
| CVE-2021-41645 | 0.01 | — | 0.03 | Oct 29, 2021 | Remote Code Execution (RCE) vulnerability exists in Sourcecodester Budget and Expense Tracker System 1.0 that allows a remote malicious user to inject arbitrary code via the image upload field. | |||
| CVE-2026-12529 | 0.00 | — | 0.00 | Jun 17, 2026 | A security vulnerability has been detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. Affected is an unknown function of the file /index.php of the component Student Self-Registration Endpoint. The manipulation leads to improper access… | |||
| CVE-2026-30531 | 0.00 | — | 0.00 | Mar 27, 2026 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_category action). The application fails to properly sanitize user input supplied to the "name" parameter. This allows an authenticated attacker… | |||
| CVE-2026-30529 | 0.00 | — | 0.00 | Mar 27, 2026 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_user action). The application fails to properly sanitize user input supplied to the "username" parameter. This allows an authenticated attacker… | |||
| CVE-2026-30532 | 0.00 | — | 0.00 | Mar 27, 2026 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/view_product.php file via the "id" parameter. | |||
| CVE-2026-30533 | 0.00 | — | 0.00 | Mar 27, 2026 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/manage_product.php file via the "id" parameter. | |||
| CVE-2026-30530 | 0.00 | — | 0.00 | Mar 27, 2026 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_customer action). The application fails to properly sanitize user input supplied to the "username" parameter. This allows an attacker to inject… | |||
| CVE-2026-30568 | 0.00 | — | 0.00 | Mar 27, 2026 | A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in the view_purchase.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML… | |||
| CVE-2026-30534 | 0.00 | — | 0.00 | Mar 27, 2026 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in admin/manage_category.php via the "id" parameter. | |||
| CVE-2026-26884 | 0.00 | — | 0.00 | Mar 3, 2026 | Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/admin/appointments/view_appointment.php. | |||
| CVE-2026-26886 | 0.00 | — | 0.00 | Mar 3, 2026 | Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /admin/services/manage_service.php. | |||
| CVE-2026-26891 | 0.00 | — | 0.00 | Mar 3, 2026 | Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /manage_parcel_type.php. | |||
| CVE-2026-26892 | 0.00 | — | 0.00 | Mar 3, 2026 | Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /manage_carrier.php. | |||
| CVE-2026-26883 | 0.00 | — | 0.00 | Mar 3, 2026 | Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/classes/Master.php?f=delete_appointment. | |||
| CVE-2026-26885 | 0.00 | — | 0.00 | Mar 3, 2026 | Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /classes/Master.php?f=delete_service. | |||
| CVE-2026-26888 | 0.00 | — | 0.00 | Mar 3, 2026 | Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_stock.php. | |||
| CVE-2026-26887 | 0.00 | — | 0.00 | Mar 3, 2026 | Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_supplier.php. | |||
| CVE-2026-26890 | 0.00 | — | 0.00 | Mar 3, 2026 | Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_product.php. | |||
| CVE-2026-26889 | 0.00 | — | 0.00 | Mar 3, 2026 | Sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_category.php. | |||
| CVE-2026-26704 | 0.00 | — | 0.00 | Mar 2, 2026 | sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_category.php. | |||
| CVE-2026-26702 | 0.00 | — | 0.01 | Mar 2, 2026 | sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/myitem_reuse.php. | |||
| CVE-2026-26706 | 0.00 | — | 0.00 | Mar 2, 2026 | sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_receipt.php. | |||
| CVE-2026-26707 | 0.00 | — | 0.00 | Mar 2, 2026 | sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_supplier.php. | |||
| CVE-2026-26700 | 0.00 | — | 0.00 | Mar 2, 2026 | sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/edit_employee.php. | |||
| CVE-2026-26708 | 0.00 | — | 0.00 | Mar 2, 2026 | sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manage_user.php. | |||
| CVE-2026-26705 | 0.00 | — | 0.00 | Mar 2, 2026 | sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/view_product.php. | |||
| CVE-2026-26703 | 0.00 | — | 0.01 | Mar 2, 2026 | sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/advance_search.php. | |||
| CVE-2026-26701 | 0.00 | — | 0.00 | Mar 2, 2026 | sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/edit_tecnical_user.php. | |||
| CVE-2026-26699 | 0.00 | — | 0.01 | Mar 2, 2026 | sourcecodester Personnel Property Equipment System v1.0 is vulnerable to arbitrary code execution in ip/ppes/admin/admin_change_picture.php. | |||
| CVE-2025-70141 | 0.00 | — | 0.01 | Feb 18, 2026 | SourceCodester Customer Support System 1.0 contains an incorrect access control vulnerability in ajax.php. The AJAX dispatcher does not enforce authentication or authorization before invoking administrative methods in admin_class.php based on the action parameter. An… | |||
| CVE-2025-70458 | 0.00 | — | 0.00 | Jan 23, 2026 | A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement… | |||
| CVE-2025-66802 | 0.00 | — | 0.01 | Jan 12, 2026 | Sourcecodester Covid-19 Contact Tracing System 1.0 is vulnerable to RCE (Remote Code Execution). The application receives a reverse shell (php) into imagem of the user enabling RCE. | |||
| CVE-2025-65881 | 0.00 | — | 0.00 | Dec 2, 2025 | Sourcecodester Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /classes/Login.php. | |||
| CVE-2025-13565 | 0.00 | — | 0.00 | Nov 23, 2025 | A weakness has been identified in SourceCodester Inventory Management System 1.0. The affected element is an unknown function of the file /model/user/resetPassword.php. Executing manipulation can lead to weak password recovery. The attack may be performed from remote. The… | |||
| CVE-2025-63708 | 0.00 | — | 0.00 | Nov 17, 2025 | Cross-Site Scripting (XSS) vulnerability exists in SourceCodester AI Font Matcher (nid=18425, 2025-10-10) that allows remote attackers to execute arbitrary JavaScript in victims' browsers. The vulnerability occurs in the webfonts API handling mechanism where font family names… | |||
| CVE-2025-13200 | 0.00 | — | 0.00 | Nov 15, 2025 | A vulnerability was determined in SourceCodester Farm Management System 1.0. Affected by this vulnerability is an unknown functionality. This manipulation causes exposure of information through directory listing. The attack is possible to be carried out remotely. The exploit has… | |||
| CVE-2025-63891 | 0.00 | — | 0.00 | Nov 14, 2025 | Information Disclosure in web-accessible backup file in SourceCodester Simple Online Book Store System allows a remote unauthenticated attacker to disclose full database contents (including schema and credential hashes) via an unauthenticated HTTP GET request to… | |||
| CVE-2025-63712 | 0.00 | — | 0.00 | Nov 10, 2025 | Cross-Site Request Forgery (CSRF) in SourceCodester Product Expiry Management System. The User Management module (delete-user.php) allows remote attackers to delete arbitrary user accounts via forged cross-origin GET requests because the endpoint relies solely on session cookies… | |||
| CVE-2025-63710 | 0.00 | — | 0.00 | Nov 10, 2025 | The send_message.php endpoint in SourceCodester Simple Public Chat Room 1.0 is vulnerable to Cross-Site Request Forgery (CSRF). The application does not implement any CSRF-protection mechanisms such as tokens, nonces, or same-site cookie restrictions. An attacker can create a… | |||
| CVE-2025-63711 | 0.00 | — | 0.00 | Nov 10, 2025 | A Cross-Site Request Forgery (CSRF) vulnerability in the SourceCodester Client Database Management System 1.0 allows an attacker to cause an authenticated administrative user to perform user deletion actions without their consent. The application's user deletion endpoint (e.g.,… | |||
| CVE-2025-63718 | 0.00 | — | 0.00 | Nov 7, 2025 | A SQL injection vulnerability exists in the SourceCodester PQMS (Patient Queue Management System) 1.0 in the api_patient_schedule.php endpoint. The appointmentID parameter is not properly sanitized, allowing attackers to execute arbitrary SQL commands. | |||
| CVE-2025-63640 | 0.00 | — | 0.00 | Nov 7, 2025 | Sourcecodester Medicine Reminder App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "Medicine Name" and "Notes (Optional)" fields when creating an "Upcoming Reminder", allowing an attacker to inject arbitrary potentially malicious HTML/JavaScript code that executes in… | |||
Page 7 of 34