PT-2026-28658

Name of the Vulnerable Software and Affected Versions itsourcecode Free Hotel Reservation System version 1.0 Description A flaw exists in itsourcecode Free Hotel Reservation System 1.0. Manipulation of the ID argument in a file, /admin/mod amenities/index.php?view=editpic, can lead to SQL...

itsourcecode Payroll Management System 代码注入漏洞

itsourcecode Payroll Management System is an open-source payroll management system developed by itsourcecode. Versions of itsourcecode Payroll Management System 1.0 and earlier had a code injection vulnerability. This vulnerability stemmed from incorrect handling of parameters in the...

CVE-2026-4783 itsourcecode College Management System Parameter add-single-student-results.php sql injection

A vulnerability has been found in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/add-single-student-results.php of the component Parameter Handler. The manipulation of the argument coursecode leads to sql injection. It is possible to...

CVE-2026-4783

The CVE concerns itsourcecode College Management System 1.0. The vulnerability is in the Parameter Handler of the /admin/add-single-student-results.php file, where manipulating the course_code argument causes SQL injection. It can be exploited remotely and the exploit has been disclosed publicly....

itsourcecode College Management System SQL注入漏洞

itsourcecode College Management System is an open-source university management system developed by itsourcecode. Version 1.0 of itsourcecode College Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter coursecode in the file...

CVE-2026-4632

CVE-2026-4632 affects itsourcecode Online Enrollment System 1.0. The vulnerability resides in the unknown code path of /sms/user/index.php?view=add under the Parameter Handler, where manipulating the Name argument can trigger SQL injection. The issue is exploitable remotely and, according to cite...

CVE-2026-4632

A weakness has been identified in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/user/index.php?view=add of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. The attack may be performed fr...

itsourcecode College Management System SQL注入漏洞

itsourcecode College Management System is an open-source university management system developed by itsourcecode. Version 1.0 of itsourcecode College Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the subjectcode parameter in the file...

CVE-2026-4614 itsourcecode sanitize or validate this input Parameter subjects.php sql injection

A vulnerability was determined in itsourcecode sanitize or validate this input 1.0. This issue affects some unknown processing of the file /admin/subjects.php of the component Parameter Handler. This manipulation of the argument subjectcode causes sql injection. The attack is possible to be carri...

CVE-2026-4614 itsourcecode sanitize or validate this input Parameter subjects.php sql injection

A vulnerability was determined in itsourcecode sanitize or validate this input 1.0. This issue affects some unknown processing of the file /admin/subjects.php of the component Parameter Handler. This manipulation of the argument subjectcode causes sql injection. The attack is possible to be carri...

CVE-2026-4612

The CVE-2026-4612 entry concerns itsourcecode Free Hotel Reservation System 1.0. The vulnerability resides in the Parameter Handler component, specifically in /hotel/admin/mod_users/index.php?view=edit&id=8, where manipulation of the account_id argument allows SQL injection. Remote exploitation i...

CVE-2026-4612 itsourcecode Free Hotel Reservation System Parameter index.php sql injection

A vulnerability has been found in itsourcecode Free Hotel Reservation System 1.0. This affects an unknown part of the file /hotel/admin/modusers/index.php?view=edit&id=8 of the component Parameter Handler. The manipulation of the argument accountid leads to sql injection. Remote exploitation of t...

CVE-2026-4612 itsourcecode Free Hotel Reservation System Parameter index.php sql injection

A vulnerability has been found in itsourcecode Free Hotel Reservation System 1.0. This affects an unknown part of the file /hotel/admin/modusers/index.php?view=edit&id=8 of the component Parameter Handler. The manipulation of the argument accountid leads to sql injection. Remote exploitation of t...

CVE-2026-4485

A vulnerability has been found in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/searchstudent.php. The manipulation of the argument Search leads to sql injection. The attack is possible to be carried out remotely. The exploit has been...

CVE-2026-4485

CVE-2026-4485 affects itsourcecode College Management System 1.0. The vulnerability is an SQL injection in an unknown function handling the Search parameter of /admin/search_student.php, exploitable remotely. Public exploit exposure is indicated. CVSS details show multiple vectors/metrics (e.g., ...

EUVD-2026-13589

A vulnerability was detected in itsourcecode Online Doctor Appointment System 1.0. This issue affects some unknown processing of the file /admin/appointmentaction.php. The manipulation of the argument appointmentid results in sql injection. The attack can be launched remotely. The exploit is now...

EUVD-2026-13563

A vulnerability was identified in itsourcecode Online Frozen Foods Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admineditmenuaction.php. Such manipulation of the argument productname leads to sql injection. The attack may be performed from...

EUVD-2026-13565

A security flaw has been discovered in itsourcecode Online Frozen Foods Ordering System 1.0. Affected by this issue is some unknown functionality of the file /admin/admineditmenu.php. Performing a manipulation of the argument productname results in sql injection. It is possible to initiate the...

CVE-2026-4473

A vulnerability was detected in itsourcecode Online Doctor Appointment System 1.0. This issue affects some unknown processing of the file /admin/appointmentaction.php. The manipulation of the argument appointmentid results in sql injection. The attack can be launched remotely. The exploit is now...

CVE-2026-4474 itsourcecode University Management System admin_single_student_update.php cross site scripting

A flaw has been found in itsourcecode University Management System 1.0. Impacted is an unknown function of the file /adminsinglestudentupdate.php. This manipulation of the argument stname causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be...