CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3773 matches found

Vulnrichment•added 2025/10/08 12:32 p.m.•2 views

CVE-2025-11474 SourceCodester Hotel and Lodge Management System edit_booking.php sql injection

A vulnerability was found in SourceCodester Hotel and Lodge Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /editbooking.php. Performing manipulation of the argument Name results in sql injection. The attack can be initiated remotely. The exploit has...

6.5CVSS6.7AI score0.00359EPSS

Exploits1References5

OSV•added 2025/10/08 12:15 p.m.•2 views

CVE-2025-11473

A vulnerability has been found in SourceCodester Hotel and Lodge Management System 1.0. Affected is an unknown function of the file /editcurr.php. Such manipulation of the argument currsymbol leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to t...

9.8CVSS5.7AI score0.00431EPSS

Exploits1References5

Cvelist•added 2025/10/08 12:2 p.m.•9 views

CVE-2025-11472 SourceCodester Hotel and Lodge Management System edit_room.php sql injection

A flaw has been found in SourceCodester Hotel and Lodge Management System 1.0. This impacts an unknown function of the file /editroom.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used...

7.5CVSS0.00431EPSS

Exploits1References5

CVE•added 2025/10/08 12:2 p.m.•10 views

CVE-2025-11472

CVE-2025-11472 affects SourceCodester Hotel and Lodge Management System 1.0. The vulnerability is a SQL injection in the /edit_room.php script caused by improper handling of the ID parameter, enabling remote exploitation. Exploit unreliable/unconfirmed details are not provided beyond the claim th...

9.8CVSS6.6AI score0.00431EPSS

Exploits1References5Affected Software1

CVE•added 2025/10/08 4:2 a.m.•12 views

CVE-2025-11431

Code-Projects Web-Based Inventory and POS System 1.0 contains an SQL injection in the /transaction.php file, triggered by manipulating the shopid parameter in an unknown function. Remote exploitation is possible, and public disclosure of the exploit is noted in multiple sources. Affected componen...

9.8CVSS6.4AI score0.00359EPSS

Exploits1References5Affected Software1

Vulnrichment•added 2025/10/08 3:32 a.m.•3 views

CVE-2025-11430 SourceCodester Simple E-Commerce Bookstore cart.php sql injection

A vulnerability was found in SourceCodester Simple E-Commerce Bookstore 1.0. The affected element is an unknown function of the file /cart.php. The manipulation of the argument remove results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...

7.5CVSS6.7AI score0.00379EPSS

Exploits1References5

NVD•added 2025/10/08 2:15 a.m.•5 views

CVE-2025-11424

A vulnerability was determined in code-projects Web-Based Inventory and POS System 1.0. This impacts an unknown function of the file /login.php. Executing manipulation of the argument emailid can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclos...

9.8CVSS0.00431EPSS

Exploits1References5

Cvelist•added 2025/10/08 1:32 a.m.•10 views

CVE-2025-11422 Campcodes Advanced Online Voting Management System login.php sql injection

A vulnerability has been found in Campcodes Advanced Online Voting Management System 1.0. The impacted element is an unknown function of the file /admin/login.php. Such manipulation of the argument Username leads to sql injection. The attack can be executed remotely. The exploit has been disclose...

7.5CVSS0.00468EPSS

Exploits1References5

Vulnrichment•added 2025/10/08 1:32 a.m.•3 views

CVE-2025-11422 Campcodes Advanced Online Voting Management System login.php sql injection

7.5CVSS6.8AI score0.00468EPSS

Exploits1References5

CVE•added 2025/10/07 11:2 p.m.•15 views

CVE-2025-11415

The vulnerability is in PHPGurukul Beauty Parlour Management System v1.1, specifically in /admin/customer-list.php where manipulating the delid parameter causes SQL injection. This can be exploited remotely and an exploit is publicly available. Several connected sources corroborate the issue and ...

9.8CVSS7.3AI score0.00376EPSS

Exploits1References5Affected Software1

OSV•added 2025/10/07 7:15 p.m.•3 views

CVE-2025-11405

A vulnerability was identified in SourceCodester Hotel and Lodge Management System 1.0. This vulnerability affects unknown code of the file /deltax.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be...

9.8CVSS5.8AI score0.00316EPSS

Exploits1References5

CVE•added 2025/10/07 3:32 a.m.•10 views

CVE-2025-11349

CVE-2025-11349 affects Campcodes Online Apartment Visitor Management System 1.0. The vulnerability is an SQL injection in the /search-visitor.php script via the searchdata parameter. Root cause is the manipulation of the searchdata argument, with remote initiation possible. The exploit is publicl...

9.8CVSS7.3AI score0.00376EPSS

Exploits1References5Affected Software1

OSV•added 2025/10/07 3:15 a.m.•2 views

CVE-2025-11348

A vulnerability was determined in Campcodes Online Apartment Visitor Management System 1.0. This issue affects some unknown processing of the file /index.php. Executing a manipulation of the argument Username can lead to sql injection. The attack can be launched remotely. The exploit has been...

9.8CVSS5.8AI score0.00376EPSS

Exploits1References5