CVE-2025-14195 code-projects Employee Profile Management System add_file_query.php unrestricted upload

A security flaw has been discovered in code-projects Employee Profile Management System 1.0. Impacted is an unknown function of the file /profiling/addfilequery.php. The manipulation of the argument perfile results in unrestricted upload. The attack may be launched remotely. The exploit has been...

CVE-2025-14195

CVE-2025-14195 affects code-projects Employee Profile Management System 1.0. The vulnerability is tied to the per_file parameter in /profiling/add_file_query.php, where improper validation allows unrestricted file upload. This could enable remote attackers to upload arbitrary files. The exploit i...

CVE-2025-14194 code-projects Employee Profile Management System view_personnel.php cross site scripting

A vulnerability was identified in code-projects Employee Profile Management System 1.0. This issue affects some unknown processing of the file /viewpersonnel.php. The manipulation of the argument peraddress/drschool/otherschool leads to cross site scripting. The attack may be initiated remotely...

Code-Projects Employee Profile Management System 代码问题漏洞

Employee Profile Management System is an employee profile management system. Employee Profile Management System has a code issue vulnerability that stems from the lack of valid validation of uploaded files by the parameter perfile in the file /profiling/addfilequery.php. No details of the...

Code-Projects Question Paper Generator SQL注入漏洞

Code-Projects Question Paper Generator is a Code-Projects open source question paper generation software. Code-Projects Question Paper Generator 1.0 and earlier versions have a SQL injection vulnerability that stems from improper handling of the parameter subid in the file /selectquestionuser.php...

PT-2025-49408

A security flaw has been discovered in code-projects Employee Profile Management System 1.0. Impacted is an unknown function of the file /profiling/add file query.php. The manipulation of the argument per file results in unrestricted upload. The attack may be launched remotely. The exploit has be...

CVE-2025-60736

code-projects Online Medicine Guide 1.0 is vulnerable to SQL Injection in /login.php via the upass parameter...

CVE-2025-60736

code-projects Online Medicine Guide 1.0 is vulnerable to SQL Injection in /login.php via the upass parameter...

CVE-2025-13583

A weakness has been identified in code-projects Question Paper Generator 1.0. This affects an unknown part of the file /signupscript.php of the component POST Parameter Handler. Executing manipulation of the argument Fname can lead to sql injection. The attack can be executed remotely. The exploi...

CVE-2025-13585

A vulnerability was detected in itsourcecode COVID Tracking System 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument code results in sql injection. The attack may be performed from remote. The exploit is now public and may be used...

CVE-2025-13585 itsourcecode COVID Tracking System login.php sql injection

A vulnerability was detected in itsourcecode COVID Tracking System 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument code results in sql injection. The attack may be performed from remote. The exploit is now public and may be used...

CVE-2025-13585 itsourcecode COVID Tracking System login.php sql injection

A vulnerability was detected in itsourcecode COVID Tracking System 1.0. This issue affects some unknown processing of the file /login.php. The manipulation of the argument code results in sql injection. The attack may be performed from remote. The exploit is now public and may be used...

CVE-2025-13585

The CVE-2025-13585 affects itsourcecode COVID Tracking System 1.0. A flaw in /login.php allows manipulation of the code argument to trigger SQL injection. The issue is remotely exploitable and exploits are publicly available. Connected sources confirm the vulnerability details and that a fix vers...

CVE-2025-13583 code-projects Question Paper Generator POST Parameter signupscript.php sql injection

A weakness has been identified in code-projects Question Paper Generator 1.0. This affects an unknown part of the file /signupscript.php of the component POST Parameter Handler. Executing manipulation of the argument Fname can lead to sql injection. The attack can be executed remotely. The exploi...

EUVD-2025-198610

A weakness has been identified in code-projects Question Paper Generator 1.0. This affects an unknown part of the file /signupscript.php of the component POST Parameter Handler. Executing manipulation of the argument Fname can lead to sql injection. The attack can be executed remotely. The exploi...

CVE-2025-13583 code-projects Question Paper Generator POST Parameter signupscript.php sql injection

A weakness has been identified in code-projects Question Paper Generator 1.0. This affects an unknown part of the file /signupscript.php of the component POST Parameter Handler. Executing manipulation of the argument Fname can lead to sql injection. The attack can be executed remotely. The exploi...

CVE-2025-13582 code-projects Jonnys Liquor GET Parameter detail.php sql injection

A security flaw has been discovered in code-projects Jonnys Liquor 1.0. Affected by this issue is some unknown functionality of the file /detail.php of the component GET Parameter Handler. Performing manipulation of the argument Product results in sql injection. Remote exploitation of the attack ...

CVE-2025-13582

The CVE affects Code-Projects Jonnys Liquor 1.0 where the GET Parameter Handler in /detail.php is vulnerable. Manipulating the Product argument enables SQL injection, enabling remote exploitation. The public exploit is reportedly available. No vendor/patch/version details are provided in the supp...

CVE-2025-13580 code-projects Library System mail.php sql injection

A vulnerability was determined in code-projects Library System 1.0. Affected is an unknown function of the file /mail.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized...

CVE-2025-13580

The CVE-2025-13580 entry relates to Library System 1.0 (code-projects). Multiple connected sources confirm SQL injection in the /mail.php file caused by unsafely handling the ID parameter, enabling remote exploitation. Descriptions consistently attribute the vulnerability to lack of input validat...