PT-2026-32372

Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL Injection in the file /orms/admin/rooms/manage room.php...

CVE-2026-3751

A vulnerability was detected in SourceCodester Employee Task Management System 1.0. Impacted is an unknown function of the file /daily-attendance-report.php of the component GET Parameter Handler. The manipulation of the argument Date results in sql injection. The attack may be performed from...

CVE-2026-2089

A vulnerability was found in SourceCodester Online Class Record System 1.0. This vulnerability affects unknown code of the file /admin/subject/controller.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been...

CVE-2025-13564

A security flaw has been discovered in SourceCodester Pre-School Management System 1.0. Impacted is the function removefile of the file app/controllers/FilehelperController.php. Performing manipulation of the argument filepath results in denial of service. The attack is possible to be carried out...

CVE-2025-63712

Cross-Site Request Forgery CSRF in SourceCodester Product Expiry Management System. The User Management module delete-user.php allows remote attackers to delete arbitrary user accounts via forged cross-origin GET requests because the endpoint relies solely on session cookies and lacks CSRF...

CVE-2025-63712

Cross-Site Request Forgery CSRF in SourceCodester Product Expiry Management System. The User Management module delete-user.php allows remote attackers to delete arbitrary user accounts via forged cross-origin GET requests because the endpoint relies solely on session cookies and lacks CSRF...

CVE-2025-63711

CVE-2025-63711 is a CSRF vulnerability affecting SourceCodester Client Database Management System 1.0. The issue: the user deletion endpoint (e.g., superadmin_user_delete.php) accepts POST with user_id and lacks request origin checks, anti-CSRF tokens, and proper authentication/authorization. An ...

CVE-2025-11614

A vulnerability was identified in SourceCodester Best Salon Management System 1.0. Affected by this issue is some unknown functionality of the file /panel/edit-appointment.php. Such manipulation of the argument editid leads to sql injection. The attack may be launched remotely. The exploit is...

CVE-2025-11476

A vulnerability was identified in SourceCodester Simple E-Commerce Bookstore 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument loginusername leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used...

CVE-2025-11474

CVE-2025-11474 affects SourceCodester Hotel and Lodge Management System 1.0. The vulnerability lies in the /edit_booking.php functionality, where manipulation of the Name parameter enables a SQL injection. This is a remotely exploitable flaw with publicly available exploit details. Multiple sourc...

EUVD-2024-27502

Malicious code in bioql PyPI...

EUVD-2022-25247

Malicious code in bioql PyPI...

EUVD-2022-25248

Malicious code in bioql PyPI...

EUVD-2024-17030

Malicious code in bioql PyPI...

CVE-2025-11057 SourceCodester Pet Grooming Management Software print_inv.php sql injection

A vulnerability has been found in SourceCodester Pet Grooming Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/printinv.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been...

PT-2025-37761

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Student File Management System version 1.0 Description: A security flaw exists in SourceCodester Online Student File Management System 1.0. The issue is a SQL injection affecting an unknown function within the /index.php...

CVE-2025-9660 SourceCodester Bakeshop Online Ordering System passwordrecover.php sql injection

A vulnerability was found in SourceCodester Bakeshop Online Ordering System 1.0. The impacted element is an unknown function of the file /passwordrecover.php. Performing manipulation of the argument phonenumber results in sql injection. The attack is possible to be carried out remotely. The explo...

CVE-2025-6477

A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /script/admin/system of the component System Settings Page. The manipulation of the argument School Name...

CVE-2024-2553

A vulnerability, which was classified as problematic, was found in SourceCodester Product Review Rating System 1.0. Affected is an unknown function of the component Rate Product Handler. The manipulation of the argument Your Name/Comment leads to cross site scripting. It is possible to launch the...

CVE-2024-1269

A vulnerability has been found in SourceCodester Product Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /supplier.php. The manipulation of the argument suppliername/suppliercontact leads to cross site scripting. The attack can be initiated...