CVE-2026-4908

A security flaw has been discovered in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /modstaffinfo.php of the component Parameter Handler. The manipulation of the argument userid results in sql injection. The attack may be performed from remote. The exploit...

CVE-2026-4777

A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file viewsupplier.php of the component POST Parameter Handler. The manipulation of the argument searchtxt results in sql injection. The attack may be launched remotely. The...

CVE-2026-4241

A vulnerability was identified in itsourcecode College Management System 1.0. The impacted element is an unknown function of the file /admin/time-table.php. Such manipulation of the argument coursecode leads to sql injection. The attack can be launched remotely. The exploit is publicly available...

PT-2026-28207

A security vulnerability has been detected in itsourcecode Online Enrollment System 1.0. This vulnerability affects unknown code of the file /sms/grades/index.php?view=edit&id=1 of the component Parameter Handler. The manipulation of the argument deptid leads to sql injection. The attack is...

PT-2026-28205

A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unknown part of the file form/cart.php of the component Shopping Cart Module. Executing a manipulation of the argument del can lead to sql injection. The attack can be executed remotely. The exploit h...

CVE-2026-4784

The CVE-2026-4784 vulnerability affects code-projects Simple Laundry System 1.0, specifically the Parameter Handler’s /checkcheckout.php and its serviceId parameter. The root cause allows SQL injection in a remote-exploit scenario, with the exploit already public and potentially usable. Multiple ...

CVE-2026-4779

CVE-2026-4779 affects SourceCodester Sales and Inventory System 1.0. The vulnerability arises from manipulating the HTTP GET parameter sid in update_customer_details.php, causing an SQL injection. It can be exploited remotely, and public PoCs/exploits are available according to the sources. Affec...

CVE-2026-4777 SourceCodester Sales and Inventory System POST Parameter view_supplier.php sql injection

A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file viewsupplier.php of the component POST Parameter Handler. The manipulation of the argument searchtxt results in sql injection. The attack may be launched remotely. The...

CVE-2026-4614

A vulnerability was determined in itsourcecode sanitize or validate this input 1.0. This issue affects some unknown processing of the file /admin/subjects.php of the component Parameter Handler. This manipulation of the argument subjectcode causes sql injection. The attack is possible to be carri...

EUVD-2026-14475

A vulnerability has been found in erupts erupt up to 1.13.3. Affected by this issue is the function geneEruptHqlOrderBy of the file erupt-data/erupt-jpa/src/main/java/xyz/erupt/jpa/dao/EruptJpaUtils.java. Such manipulation of the argument sort.field leads to sql injection hibernate. It is possibl...

CVE-2026-4572 SourceCodester Sales and Inventory System HTTP POST Request view_product.php sql injection

A weakness has been identified in SourceCodester Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /viewproduct.php of the component HTTP POST Request Handler. Executing a manipulation of the argument searchtxt can lead to sql injection. The attack m...

CVE-2026-4235

CVE-2026-4235 affects itsourcecode Online Enrollment System 1.0. The vulnerability is an SQL injection in /sms/login.php via the user_email parameter, exploitable remotely over the network (no authentication). The cited exploit is PROOF-OF-CONCEPT. Impact is described in metrics as CONFIDENTIALIT...

PT-2026-25633

A vulnerability was identified in itsourcecode Payroll Management System 1.0. This issue affects some unknown processing of the file /manage employee.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might ...

CVE-2026-3755

A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This impacts an unknown function of the file /checkcustomerdetails.php of the component POST Handler. Executing a manipulation of the argument stockname1 can lead to sql injection. The attack can be launched remotely...

CVE-2026-3765 itsourcecode University Management System att_single_view.php sql injection

A vulnerability was identified in itsourcecode University Management System 1.0. This affects an unknown function of the file /attsingleview.php. Such manipulation of the argument dt leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used...

CVE-2026-3756

A vulnerability was identified in SourceCodester Sales and Inventory System up to 1.0. Affected is an unknown function of the file /checkitemdetails.php. The manipulation of the argument stockname1 leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and...

CVE-2026-3755

CVE-2026-3755 affects SourceCodester Sales and Inventory System 1.0, specifically the POST Handler. The vulnerability is a SQL injection in the file /check_customer_details.php caused by manipulating the argument stock_name1 (also reported in variations like stock name1). It can be exploited remo...

CVE-2026-3752

A flaw has been found in SourceCodester Employee Task Management System up to 1.0. The affected element is an unknown function of the file /daily-task-report.php of the component GET Parameter Handler. This manipulation of the argument Date causes sql injection. It is possible to initiate the...

PT-2026-23986

Name of the Vulnerable Software and Affected Versions EasyCMS versions prior to 1.7 Description A security flaw exists in EasyCMS that allows for remote SQL injection. The issue is located within the Request Parameter Handler component, specifically in the file /RbacuserAction.class.php...

CVE-2026-2912

A vulnerability was found in code-projects Online Reviewer System 1.0. Impacted is an unknown function of the file /system/system/students/assessments/results/studentresult-view.php. The manipulation of the argument testid results in sql injection. It is possible to launch the attack remotely. Th...