CVE-2026-2221 code-projects Online Reviewer System Login index.php sql injection

A security flaw has been discovered in code-projects Online Reviewer System 1.0. Affected is an unknown function of the file /login/index.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The attack is possible to be carried out remotely. The...

CVE-2026-2221 code-projects Online Reviewer System Login index.php sql injection

A security flaw has been discovered in code-projects Online Reviewer System 1.0. Affected is an unknown function of the file /login/index.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The attack is possible to be carried out remotely. The...

CVE-2026-2220

CVE-2026-2220 affects code-projects Online Reviewer System 1.0. The issue is an SQL injection in the file /system/system/admins/assessments/pretest/btn_functions.php caused by manipulating the difficulty_id argument. It can be exploited remotely and a public PoC exists. Impact is described as HIG...

CVE-2026-2220 code-projects Online Reviewer System btn_functions.php sql injection

A vulnerability was identified in code-projects Online Reviewer System 1.0. This impacts an unknown function of the file /system/system/admins/assessments/pretest/btnfunctions.php. Such manipulation of the argument difficultyid leads to sql injection. The attack can be executed remotely. The...

CVE-2026-2214

A weakness has been identified in code-projects for Plugin 1.0. This affects an unknown part of the file /Administrator/PHP/AdminAddAlbum.php. This manipulation of the argument txtalbum causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made availabl...

CVE-2026-2214

CVE-2026-2214 affects code-projects for Plugin 1.0, with the weakness located in an unknown part of /Administrator/PHP/AdminAddAlbum.php. The issue arises from manipulating the txtalbum argument, enabling a cross-site scripting (XSS) flaw that can be triggered remotely. Multiple connected sources...

CVE-2026-2214 code-projects for Plugin AdminAddAlbum.php cross site scripting

A weakness has been identified in code-projects for Plugin 1.0. This affects an unknown part of the file /Administrator/PHP/AdminAddAlbum.php. This manipulation of the argument txtalbum causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made availabl...

CVE-2026-2214 code-projects for Plugin AdminAddAlbum.php cross site scripting

A weakness has been identified in code-projects for Plugin 1.0. This affects an unknown part of the file /Administrator/PHP/AdminAddAlbum.php. This manipulation of the argument txtalbum causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made availabl...

CVE-2026-2213

The CVE-2026-2213 entry concerns code-projects Online Music Site 1.0 with an unrestricted upload vulnerability in /Administrator/PHP/AdminAddAlbum.php. The issue stems from manipulating the txtimage argument, enabling remote attackers to upload files without restriction. Multiple connected source...

CVE-2026-2213 code-projects Online Music Site AdminAddAlbum.php unrestricted upload

A security flaw has been discovered in code-projects Online Music Site 1.0. Affected by this issue is some unknown functionality of the file /Administrator/PHP/AdminAddAlbum.php. The manipulation of the argument txtimage results in unrestricted upload. The attack may be performed from remote. The...

CVE-2026-2212 code-projects Online Music Site AdminEditCategory.php sql injection

A vulnerability was identified in code-projects Online Music Site 1.0. Affected by this vulnerability is an unknown functionality of the file /Administrator/PHP/AdminEditCategory.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. Th...

CVE-2026-2212

A vulnerability was identified in code-projects Online Music Site 1.0. Affected by this vulnerability is an unknown functionality of the file /Administrator/PHP/AdminEditCategory.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. Th...

CVE-2026-2212 code-projects Online Music Site AdminEditCategory.php sql injection

A vulnerability was identified in code-projects Online Music Site 1.0. Affected by this vulnerability is an unknown functionality of the file /Administrator/PHP/AdminEditCategory.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. Th...

CVE-2026-2212

CVE-2026-2212 affects code-projects Online Music Site 1.0. The vulnerability is in the unknown/undisclosed function of the file /Administrator/PHP/AdminEditCategory.php, where manipulation of the parameter ID leads to a SQL injection vulnerability. Multiple connected sources (NVD, Red Hat, CVE li...

CVE-2026-2211 code-projects Online Music Site AdminDeleteCategory.php sql injection

A vulnerability was determined in code-projects Online Music Site 1.0. Affected is an unknown function of the file /Administrator/PHP/AdminDeleteCategory.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been publicly...

CVE-2026-2211

CVE-2026-2211 (code-projects Online Music Site 1.0) : The vulnerability is in the unknown function of the file /Administrator/PHP/AdminDeleteCategory.php. A manipulation of the argument ID can trigger a SQL injection , with the attack executable remotely. Public disclosure of the exploit is noted...

CVE-2026-2199 code-projects Online Reviewer System user-delete.php sql injection

A security flaw has been discovered in code-projects Online Reviewer System 1.0. The impacted element is an unknown function of the file /reviewer/system/system/admins/manage/users/user-delete.php. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated...

CVE-2026-2199

The CVE-2026-2199 entry concerns code-projects Online Reviewer System 1.0. The vulnerability is in the file /reviewer/system/system/admins/manage/users/user-delete.php, where manipulation of the argument ID enables a SQL injection. Descriptions across multiple connected sources (NVD, Red Hat, CVE...

CVE-2026-2199 code-projects Online Reviewer System user-delete.php sql injection

A security flaw has been discovered in code-projects Online Reviewer System 1.0. The impacted element is an unknown function of the file /reviewer/system/system/admins/manage/users/user-delete.php. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated...

CVE-2026-2198 code-projects Online Reviewer System loaddata.php sql injection

A vulnerability was identified in code-projects Online Reviewer System 1.0. The affected element is an unknown function of the file /system/system/admins/assessments/pretest/loaddata.php. Such manipulation of the argument difficultyid leads to sql injection. It is possible to launch the attack...