CVE-2025-11511

CVE-2025-11511 affects the code-projects E-Commerce Website 1.0, specifically the file /pages/supplier_add.php. The vulnerability arises from insufficient validation/manipulation protection of the supp_email parameter, allowing SQL injection and enabling remote exploitation. Multiple sources note...

CVE-2025-11509 code-projects E-Commerce Website product_add.php sql injection

A vulnerability was detected in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/productadd.php. Performing manipulation of the argument prodname results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used...

CVE-2025-11509 code-projects E-Commerce Website product_add.php sql injection

A vulnerability was detected in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/productadd.php. Performing manipulation of the argument prodname results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used...

CVE-2025-11509

Code-projects E-Commerce Website 1.0 is affected by a SQL injection in the prod_name parameter of /pages/product_add.php. Connected sources (CNVD-2025-23964, RH-CVE-2025-11509, CNNVD-202510-1110, PT-2025-41317, etc.) describe exploitation remotely and publicly available exploit code, indicating t...

CVE-2025-11508 code-projects Voting System voters_add.php unrestricted upload

A security vulnerability has been detected in code-projects Voting System 1.0. This affects an unknown function of the file /admin/votersadd.php. Such manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed publicly and...

CVE-2025-11508

Voting System 1.0 contains a vulnerability in /admin/voters_add.php where manipulating the photo argument enables unrestricted file uploads. The issue is remotely exploitable and has publicly disclosed exploit information. No patch/version remediation details are provided in the supplied document...

CVE-2025-11508 code-projects Voting System voters_add.php unrestricted upload

A security vulnerability has been detected in code-projects Voting System 1.0. This affects an unknown function of the file /admin/votersadd.php. Such manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed publicly and...

CVE-2025-11352

A security vulnerability has been detected in code-projects Online Hotel Reservation System 1.0. This affects an unknown function of the file /admin/addexec.php. Such manipulation of the argument image leads to unrestricted upload. The attack can be executed remotely. The exploit has been disclos...

CVE-2025-11351

A weakness has been identified in code-projects Online Hotel Reservation System 1.0. The impacted element is an unknown function of the file /admin/editpicexec.php. This manipulation of the argument image causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has...

CVE-2025-11431

A vulnerability was determined in code-projects Web-Based Inventory and POS System 1.0. The impacted element is an unknown function of the file /transaction.php. This manipulation of the argument shopid causes sql injection. The attack is possible to be carried out remotely. The exploit has been...

CVE-2025-11431 code-projects Web-Based Inventory and POS System transaction.php sql injection

A vulnerability was determined in code-projects Web-Based Inventory and POS System 1.0. The impacted element is an unknown function of the file /transaction.php. This manipulation of the argument shopid causes sql injection. The attack is possible to be carried out remotely. The exploit has been...

CVE-2025-11424 code-projects Web-Based Inventory and POS System login.php sql injection

A vulnerability was determined in code-projects Web-Based Inventory and POS System 1.0. This impacts an unknown function of the file /login.php. Executing manipulation of the argument emailid can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclos...

CVE-2025-11424 code-projects Web-Based Inventory and POS System login.php sql injection

A vulnerability was determined in code-projects Web-Based Inventory and POS System 1.0. This impacts an unknown function of the file /login.php. Executing manipulation of the argument emailid can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclos...

CVE-2025-11424

CVE-2025-11424 affects code-projects Web-Based Inventory and POS System 1.0. The vulnerability lies in the login.php module, where manipulating the emailid parameter enables SQL injection. Exploitation can be performed remotely, and public disclosures exist. Affected component: login.php in Web-B...

CVE-2025-11421 code-projects Voting System candidates_edit.php cross site scripting

A flaw has been found in code-projects Voting System 1.0. The affected element is an unknown function of the file /admin/candidatesedit.php. This manipulation of the argument Firstname/Lastname/Platform causes cross site scripting. Remote exploitation of the attack is possible. The exploit has be...

CVE-2025-11421

CVE-2025-11421 applies to code-projects Voting System 1.0. The flaw is a cross-site scripting vulnerability in the unknown function of the file /admin/candidates_edit.php , caused by manipulating the arguments Firstname/Lastname/Platform . Remote exploitation is possible, and an exploit has been ...

CVE-2025-11420 code-projects E-Commerce Website edit_order_details.php sql injection

A vulnerability was detected in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages/editorderdetails.php. The manipulation of the argument orderid results in sql injection. The attack may be launched remotely. The exploit is now public and may be used...

CVE-2025-11420 code-projects E-Commerce Website edit_order_details.php sql injection

A vulnerability was detected in code-projects E-Commerce Website 1.0. Impacted is an unknown function of the file /pages/editorderdetails.php. The manipulation of the argument orderid results in sql injection. The attack may be launched remotely. The exploit is now public and may be used...

CVE-2025-11420

CVE-2025-11420 affects code-projects E-Commerce Website 1.0. The vulnerability is a SQL injection in the /pages/edit_order_details.php handler, triggered by manipulating the order_id parameter. The issue originates from lack of input validation for an externally supplied SQL statement, allowing a...

Code-Projects Web-Based Inventory and POS System 安全漏洞

Code-Projects Web-Based Inventory and POS System is a web-based inventory and POS system from Code-Projects open source. A security vulnerability exists in version 1.0 of the code-projects Web-Based Inventory and POS System, which stems from an incorrect manipulation of the parameter shopid in th...