Code-Projects Exam Form Submission 代码注入漏洞

Code-Projects Exam Form Submission is an open-source exam form developed by Code-Projects. Version 1.0 of Code-Projects Exam Form Submission contains a code injection vulnerability. This vulnerability stems from incorrect handling of the parameter sname in the file admin/updates3.php, which may...

CVE-2026-4557

Affected software: code-projects Exam Form Submission 1.0. Vulnerable component: /admin/update_s1.php. Root cause: manipulation of the sname argument leads to cross-site scripting (XSS). Impact: potential remote exploitation; exploit is public. Remediation/versions: no fix version or remediation ...

CVE-2026-4557 code-projects Exam Form Submission update_s1.php cross site scripting

A vulnerability was detected in code-projects Exam Form Submission 1.0. This impacts an unknown function of the file /admin/updates1.php. Performing a manipulation of the argument sname results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be use...

CVE-2026-4550

A vulnerability has been found in code-projects Simple Gym Management System up to 1.0. This affects an unknown part of the file /gym/func.php. Such manipulation of the argument Trainerid/fname leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the publ...

CVE-2026-4533

CVE-2026-4533 affects code-projects Simple Food Ordering System 1.0. The vulnerability is in the all-tickets.php file where manipulating the Status parameter results in an SQL injection, with remote exploitation possible. Exploitation details are reported across multiple sources (NVD, Red Hat, CI...

CVE-2026-4533 code-projects Simple Food Ordering System all-tickets.php sql injection

A vulnerability was detected in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file all-tickets.php. The manipulation of the argument Status results in sql injection. It is possible to launch the attack remotely. The exploit is now publi...

CVE-2026-4532

CVE-2026-4532 affects the code-projects Simple Food Ordering System (up to version 1.0). The vulnerability targets the file system via the /food/sql/food.sql component of the Database Backup Handler. It reports that manipulation can make files or directories accessible and that the attack can be ...

Code-Projects Exam Form Submission 代码注入漏洞

Code-Projects Exam Form Submission is an open-source exam form developed by Code-Projects. Version 1.0 of Code-Projects Exam Form Submission contains a code injection vulnerability. This vulnerability arises from incorrect handling of the parameter sname in the file admin/updates1.php, which may...

Code-Projects Simple Food Ordering System SQL注入漏洞

Code-Projects Simple Food Ordering System is a simple food ordering system developed by Code-Projects as open source. Version 1.0 of the code-projects Simple Food Ordering System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the Status parameter in the fi...

Code-Projects Simple Food Ordering System 安全漏洞

Code-Projects Simple Food Ordering System is a simple food ordering system developed by Code-Projects as open source. Versions of the Code-Projects Simple Food Ordering System prior to 1.0 contained security vulnerabilities. These vulnerabilities stemmed from an unknown feature in the database...

Code-Projects Simple Gym Management System SQL注入漏洞

Code-Projects Simple Gym Management System is an open-source gym management system developed by Code-Projects. Versions of Code-Projects Simple Gym Management System prior to 1.0 contained a SQL injection vulnerability. This vulnerability stemmed from incorrect operations with the parameters...

CVE-2026-4319 code-projects Simple Food Order System add-item.php sql injection

A vulnerability was identified in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/add-item.php. Such manipulation of the argument price leads to sql injection. The attack can be launched remotely. The exploit is publicly...

CVE-2026-4319 code-projects Simple Food Order System add-item.php sql injection

A vulnerability was identified in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/add-item.php. Such manipulation of the argument price leads to sql injection. The attack can be launched remotely. The exploit is publicly...

CVE-2026-4319

CVE-2026-4319 affects code-projects Simple Food Order System 1.0. The vulnerability targets an unknown functionality in /routers/add-item.php where manipulating the price argument enables SQL injection. Exploitation can be performed remotely, and public exploits exist. The available data does not...

CVE-2026-3763 code-projects Simple Flight Ticket Booking System showhistory.php cross site scripting

A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. The affected element is an unknown function of the file showhistory.php. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could b...

CVE-2026-3745 code-projects Student Web Portal profile.php sql injection

A vulnerability was found in code-projects Student Web Portal 1.0. Affected is an unknown function of the file profile.php. The manipulation of the argument User results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...

CVE-2026-3745

CVE-2026-3745 affects code-projects’ Student Web Portal 1.0. An unknown function in profile.php allows manipulation of the User argument, resulting in an SQL injection. The vulnerability is remotely exploitable and, per the sources, the exploit has been publicly disclosed. Affected impact is desc...

CVE-2026-3745 code-projects Student Web Portal profile.php sql injection

A vulnerability was found in code-projects Student Web Portal 1.0. Affected is an unknown function of the file profile.php. The manipulation of the argument User results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...

CVE-2026-3745

A vulnerability was found in code-projects Student Web Portal 1.0. Affected is an unknown function of the file profile.php. The manipulation of the argument User results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...

CVE-2026-3744

A vulnerability has been found in code-projects Student Web Portal 1.0. This impacts the function valregpasswdation of the file signup.php. The manipulation of the argument regpasswd leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may...