3482 matches found
CVE-2026-7110
A flaw has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /item. Executing a manipulation of the argument item name/description can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published an...
CVE-2026-7238
A vulnerability in code-projects Online Music Site 1.0 affects Administrator/PHP/AdminUpdateAlbum.php where manipulation of the txtimage argument enables unrestricted file upload. This remote exploitation is possible and an exploit has been published. The CVSS metrics indicate a Network attacker ...
CVE-2026-7238 code-projects Online Music Site AdminUpdateAlbum.php unrestricted upload
A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminUpdateAlbum.php. This manipulation of the argument txtimage causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and...
CVE-2026-7229
CVE-2026-7229 affects code-projects Coaching Management System 1.0. The vulnerability resides in the POST Handler for the admin reply.php function under /cims/modules/admin/reply.php, where manipulating the complaintreply argument causes SQL injection. Remote execution is possible, and the exploi...
CVE-2026-7222 code-projects Coaching Management System Complaint Form complaint.php cross site scripting
A vulnerability was determined in code-projects Coaching Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /cims/modules/student/complaint.php of the component Complaint Form Page. This manipulation of the argument Complaint causes cross site scripting...
Code-Projects Coaching Management System 跨站脚本漏洞
The Code-Projects Coaching Management System is an open-source coaching management system developed by Code-Projects. Version 1.0 of the Code-Projects Coaching Management System contains a cross-site scripting vulnerability. This vulnerability stems from the Complaint Parameter in the Complaint...
Code-Projects Online Music Site 访问控制错误漏洞
Code-Projects Online Music Site is an online music website developed by Code-Projects as open source. Version 1.0 of Code-Projects Online Music Site has a vulnerability related to access control. This vulnerability stems from the unlimited upload feature of the txtimage parameter in the...
Code-Projects Coaching Management System 注入漏洞
The Code-Projects Coaching Management System is an open-source coaching management system developed by Code-Projects. Version 1.0 of the Code-Projects Coaching Management System has a SQL injection vulnerability. This vulnerability stems from the complaintreply parameter in the...
CVE-2026-7134 code-projects Online Lot Reservation System edithousepic.php unrestricted upload
A vulnerability was identified in code-projects Online Lot Reservation System 1.0. Affected is an unknown function of the file /edithousepic.php. Such manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit is publicly available and might ...
CVE-2026-7134 code-projects Online Lot Reservation System edithousepic.php unrestricted upload
A vulnerability was identified in code-projects Online Lot Reservation System 1.0. Affected is an unknown function of the file /edithousepic.php. Such manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit is publicly available and might ...
CVE-2026-7133 code-projects Online Lot Reservation System activity.php unrestricted upload
A vulnerability was determined in code-projects Online Lot Reservation System 1.0. This impacts an unknown function of the file /activity.php. This manipulation of the argument directory causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and...
CVE-2026-7133 code-projects Online Lot Reservation System activity.php unrestricted upload
A vulnerability was determined in code-projects Online Lot Reservation System 1.0. This impacts an unknown function of the file /activity.php. This manipulation of the argument directory causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and...
CVE-2026-7133
The CVE-2026-7133 entry affects code-projects Online Lot Reservation System 1.0, specifically a vulnerability in /activity.php where manipulating the directory argument enables unrestricted upload. This can be triggered remotely and has publicly disclosed exploit details. The connected documents ...
CVE-2026-7132 code-projects Online Lot Reservation System download.php readfile path traversal
A vulnerability was found in code-projects Online Lot Reservation System up to 1.0. This affects the function readfile of the file /download.php. The manipulation of the argument File results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and cou...
CVE-2026-7132
CVE-2026-7132 affects code-projects Online Lot Reservation System (≤1.0). The vulnerability is in the readfile function of /download.php, where manipulation of the File argument enables path traversal. This can be exploited remotely; a public exploit is noted. CVSS data indicate network access wi...
CVE-2026-7132
A vulnerability was found in code-projects Online Lot Reservation System up to 1.0. This affects the function readfile of the file /download.php. The manipulation of the argument File results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and cou...
CVE-2026-7131 code-projects Online Lot Reservation System loginuser.php sql injection
A vulnerability has been found in code-projects Online Lot Reservation System up to 1.0. The impacted element is an unknown function of the file /loginuser.php. The manipulation of the argument email/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has...
CVE-2026-7131
The CVE-2026-7131 entry concerns code-projects Online Lot Reservation System (up to 1.0). The vulnerable component is an unknown function in /loginuser.php, where manipulation of the email/password parameters allows a SQL injection. The issue is exploitable remotely and, per the records, exploits...
CVE-2026-7131 code-projects Online Lot Reservation System loginuser.php sql injection
A vulnerability has been found in code-projects Online Lot Reservation System up to 1.0. The impacted element is an unknown function of the file /loginuser.php. The manipulation of the argument email/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has...
CVE-2026-7118
CVE-2026-7118 affects code-projects Employee Management System 1.0; the vulnerability targets the cancel.php function (370project/cancel.php) where manipulating the id/token parameter triggers a SQL injection. The CVSS metrics indicate a network-based, low-privilege, low-impact on confidentiality...