60 matches found
CVE-2026-14777
A weakness has been identified in SourceCodester Onlne Examination & Learning Management System 1.0. Affected by this issue is some unknown functionality of the file /announcements.php. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit has...
CVE-2026-10255
A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected by this vulnerability is the function sellstatement of the file application/controllers/ShowForm.php. Such manipulation leads to improper access controls. The attack can be launched remotely. The...
PT-2026-32372
Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL Injection in the file /orms/admin/rooms/manage room.php...
CVE-2026-3751
A vulnerability was detected in SourceCodester Employee Task Management System 1.0. Impacted is an unknown function of the file /daily-attendance-report.php of the component GET Parameter Handler. The manipulation of the argument Date results in sql injection. The attack may be performed from...
CVE-2026-2089
A vulnerability was found in SourceCodester Online Class Record System 1.0. This vulnerability affects unknown code of the file /admin/subject/controller.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been...
CVE-2025-13564
A security flaw has been discovered in SourceCodester Pre-School Management System 1.0. Impacted is the function removefile of the file app/controllers/FilehelperController.php. Performing manipulation of the argument filepath results in denial of service. The attack is possible to be carried out...
CVE-2025-63712
Cross-Site Request Forgery CSRF in SourceCodester Product Expiry Management System. The User Management module delete-user.php allows remote attackers to delete arbitrary user accounts via forged cross-origin GET requests because the endpoint relies solely on session cookies and lacks CSRF...
CVE-2025-63712
Cross-Site Request Forgery CSRF in SourceCodester Product Expiry Management System. The User Management module delete-user.php allows remote attackers to delete arbitrary user accounts via forged cross-origin GET requests because the endpoint relies solely on session cookies and lacks CSRF...
CVE-2025-63711
CVE-2025-63711 is a CSRF vulnerability affecting SourceCodester Client Database Management System 1.0. The issue: the user deletion endpoint (e.g., superadmin_user_delete.php) accepts POST with user_id and lacks request origin checks, anti-CSRF tokens, and proper authentication/authorization. An ...
CVE-2025-11614
A vulnerability was identified in SourceCodester Best Salon Management System 1.0. Affected by this issue is some unknown functionality of the file /panel/edit-appointment.php. Such manipulation of the argument editid leads to sql injection. The attack may be launched remotely. The exploit is...
CVE-2025-11476
A vulnerability was identified in SourceCodester Simple E-Commerce Bookstore 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument loginusername leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used...
CVE-2025-11474
CVE-2025-11474 affects SourceCodester Hotel and Lodge Management System 1.0. The vulnerability lies in the /edit_booking.php functionality, where manipulation of the Name parameter enables a SQL injection. This is a remotely exploitable flaw with publicly available exploit details. Multiple sourc...
EUVD-2024-17030
Malicious code in bioql PyPI...
EUVD-2022-25248
Malicious code in bioql PyPI...
EUVD-2022-25247
Malicious code in bioql PyPI...
EUVD-2024-27502
Malicious code in bioql PyPI...
CVE-2025-11057 SourceCodester Pet Grooming Management Software print_inv.php sql injection
A vulnerability has been found in SourceCodester Pet Grooming Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/printinv.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been...
PT-2025-37761
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Student File Management System version 1.0 Description: A security flaw exists in SourceCodester Online Student File Management System 1.0. The issue is a SQL injection affecting an unknown function within the /index.php...
CVE-2025-9660 SourceCodester Bakeshop Online Ordering System passwordrecover.php sql injection
A vulnerability was found in SourceCodester Bakeshop Online Ordering System 1.0. The impacted element is an unknown function of the file /passwordrecover.php. Performing manipulation of the argument phonenumber results in sql injection. The attack is possible to be carried out remotely. The explo...
CVE-2025-6477
A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /script/admin/system of the component System Settings Page. The manipulation of the argument School Name...