CVE-2026-7110

A flaw has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /item. Executing a manipulation of the argument item name/description can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published an...

CVE-2026-7238

A vulnerability in code-projects Online Music Site 1.0 affects Administrator/PHP/AdminUpdateAlbum.php where manipulation of the txtimage argument enables unrestricted file upload. This remote exploitation is possible and an exploit has been published. The CVSS metrics indicate a Network attacker ...

CVE-2026-7238 code-projects Online Music Site AdminUpdateAlbum.php unrestricted upload

A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminUpdateAlbum.php. This manipulation of the argument txtimage causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and...

CVE-2026-7229

CVE-2026-7229 affects code-projects Coaching Management System 1.0. The vulnerability resides in the POST Handler for the admin reply.php function under /cims/modules/admin/reply.php, where manipulating the complaintreply argument causes SQL injection. Remote execution is possible, and the exploi...

CVE-2026-7222 code-projects Coaching Management System Complaint Form complaint.php cross site scripting

A vulnerability was determined in code-projects Coaching Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /cims/modules/student/complaint.php of the component Complaint Form Page. This manipulation of the argument Complaint causes cross site scripting...

Code-Projects Coaching Management System 注入漏洞

The Code-Projects Coaching Management System is an open-source coaching management system developed by Code-Projects. Version 1.0 of the Code-Projects Coaching Management System has a SQL injection vulnerability. This vulnerability stems from the complaintreply parameter in the...

Code-Projects Coaching Management System 跨站脚本漏洞

The Code-Projects Coaching Management System is an open-source coaching management system developed by Code-Projects. Version 1.0 of the Code-Projects Coaching Management System contains a cross-site scripting vulnerability. This vulnerability stems from the Complaint Parameter in the Complaint...

Code-Projects Online Music Site 访问控制错误漏洞

Code-Projects Online Music Site is an online music website developed by Code-Projects as open source. Version 1.0 of Code-Projects Online Music Site has a vulnerability related to access control. This vulnerability stems from the unlimited upload feature of the txtimage parameter in the...

CVE-2026-7134 code-projects Online Lot Reservation System edithousepic.php unrestricted upload

A vulnerability was identified in code-projects Online Lot Reservation System 1.0. Affected is an unknown function of the file /edithousepic.php. Such manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit is publicly available and might ...

CVE-2026-7134 code-projects Online Lot Reservation System edithousepic.php unrestricted upload

A vulnerability was identified in code-projects Online Lot Reservation System 1.0. Affected is an unknown function of the file /edithousepic.php. Such manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit is publicly available and might ...

CVE-2026-7133 code-projects Online Lot Reservation System activity.php unrestricted upload

A vulnerability was determined in code-projects Online Lot Reservation System 1.0. This impacts an unknown function of the file /activity.php. This manipulation of the argument directory causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and...

CVE-2026-7133 code-projects Online Lot Reservation System activity.php unrestricted upload

A vulnerability was determined in code-projects Online Lot Reservation System 1.0. This impacts an unknown function of the file /activity.php. This manipulation of the argument directory causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and...

CVE-2026-7133

The CVE-2026-7133 entry affects code-projects Online Lot Reservation System 1.0, specifically a vulnerability in /activity.php where manipulating the directory argument enables unrestricted upload. This can be triggered remotely and has publicly disclosed exploit details. The connected documents ...

CVE-2026-7132 code-projects Online Lot Reservation System download.php readfile path traversal

A vulnerability was found in code-projects Online Lot Reservation System up to 1.0. This affects the function readfile of the file /download.php. The manipulation of the argument File results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and cou...

CVE-2026-7132

A vulnerability was found in code-projects Online Lot Reservation System up to 1.0. This affects the function readfile of the file /download.php. The manipulation of the argument File results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and cou...

CVE-2026-7132

CVE-2026-7132 affects code-projects Online Lot Reservation System (≤1.0). The vulnerability is in the readfile function of /download.php, where manipulation of the File argument enables path traversal. This can be exploited remotely; a public exploit is noted. CVSS data indicate network access wi...

CVE-2026-7131 code-projects Online Lot Reservation System loginuser.php sql injection

A vulnerability has been found in code-projects Online Lot Reservation System up to 1.0. The impacted element is an unknown function of the file /loginuser.php. The manipulation of the argument email/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has...

CVE-2026-7131 code-projects Online Lot Reservation System loginuser.php sql injection

A vulnerability has been found in code-projects Online Lot Reservation System up to 1.0. The impacted element is an unknown function of the file /loginuser.php. The manipulation of the argument email/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has...

CVE-2026-7131

The CVE-2026-7131 entry concerns code-projects Online Lot Reservation System (up to 1.0). The vulnerable component is an unknown function in /loginuser.php, where manipulation of the email/password parameters allows a SQL injection. The issue is exploitable remotely and, per the records, exploits...

CVE-2026-7118 code-projects Employee Management System cancel.php sql injection

A security vulnerability has been detected in code-projects Employee Management System 1.0. The affected element is an unknown function of the file 370project/cancel.php. The manipulation of the argument id/token leads to sql injection. The attack is possible to be carried out remotely. The explo...