16073 matches found
PT-2026-29535
A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters, allowing attackers to submit negative values for sales...
CVE-2026-30522
Summary: CVE-2026-30522 affects SourceCodester Loan Management System v1.0. A business logic flaw arises from improper server-side validation allowing negative values for penalty_rate in Loan Plans, despite frontend restrictions. An authenticated attacker can bypass client-side validation by subm...
SourceCodester Loan Management System 安全漏洞
The SourceCodester Loan Management System is an open-source loan management system developed by SourceCodester. Version 1.0 of the SourceCodester Loan Management System contains a security vulnerability. This vulnerability stems from improper server-side validation, which could allow authenticate...
CVE-2026-5126
A flaw has been found in SourceCodester RSS Feed Parser 1.0. Affected by this issue is the function filegetcontents. This manipulation causes server-side request forgery. The attack is possible to be carried out remotely. The exploit has been published and may be used...
EUVD-2026-17587
A security vulnerability has been detected in SourceCodester Leave Application System 1.0. Affected by this issue is some unknown functionality of the component User Management Handler. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been...
EUVD-2026-17589
A vulnerability was detected in SourceCodester Leave Application System 1.0. This affects an unknown part. Performing a manipulation of the argument page results in file inclusion. Remote exploitation of the attack is possible. The exploit is now public and may be used...
CVE-2026-30521
A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific interest rates. While the frontend interface prevents users from entering negative numbers, this...
CVE-2026-5210 SourceCodester Leave Application System file inclusion
A vulnerability was detected in SourceCodester Leave Application System 1.0. This affects an unknown part. Performing a manipulation of the argument page results in file inclusion. Remote exploitation of the attack is possible. The exploit is now public and may be used...
CVE-2026-5210 SourceCodester Leave Application System file inclusion
A vulnerability was detected in SourceCodester Leave Application System 1.0. This affects an unknown part. Performing a manipulation of the argument page results in file inclusion. Remote exploitation of the attack is possible. The exploit is now public and may be used...
CVE-2026-5210
CVE-2026-5210 affects SourceCodester Leave Application System 1.0. The vulnerability is a file inclusion caused by manipulation of an argument (page), enabling remote exploitation. The exploit is public. Affected component/impact details are described as remote code execution through LFI-like beh...
CVE-2026-5209 SourceCodester Leave Application System User Management cross site scripting
A security vulnerability has been detected in SourceCodester Leave Application System 1.0. Affected by this issue is some unknown functionality of the component User Management Handler. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been...
CVE-2026-5209 SourceCodester Leave Application System User Management cross site scripting
A security vulnerability has been detected in SourceCodester Leave Application System 1.0. Affected by this issue is some unknown functionality of the component User Management Handler. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been...
CVE-2026-30520
A Blind SQL Injection vulnerability exists in SourceCodester Loan Management System v1.0. The vulnerability is located in the ajax.php file specifically the saveloan action. The application fails to properly sanitize user input supplied to the "borrowerid" parameter in a POST request, allowing an...
EUVD-2026-17329
A vulnerability was found in SourceCodester Teacher Record System 1.0. Impacted is an unknown function of the file Teacher Record System of the component Parameter Handler. Performing a manipulation of the argument searchteacher results in sql injection. It is possible to initiate the attack...
EUVD-2026-17311
A vulnerability was detected in SourceCodester Simple Doctors Appointment System 1.0. This affects an unknown part of the file /admin/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit is now public and may be used...
CVE-2026-5182
A vulnerability was found in SourceCodester Teacher Record System 1.0. Impacted is an unknown function of the file Teacher Record System of the component Parameter Handler. Performing a manipulation of the argument searchteacher results in sql injection. It is possible to initiate the attack...
CVE-2026-5182 SourceCodester Teacher Record System Parameter sql injection
A vulnerability was found in SourceCodester Teacher Record System 1.0. Impacted is an unknown function of the file Teacher Record System of the component Parameter Handler. Performing a manipulation of the argument searchteacher results in sql injection. It is possible to initiate the attack...
CVE-2026-5182 SourceCodester Teacher Record System Parameter sql injection
A vulnerability was found in SourceCodester Teacher Record System 1.0. Impacted is an unknown function of the file Teacher Record System of the component Parameter Handler. Performing a manipulation of the argument searchteacher results in sql injection. It is possible to initiate the attack...
CVE-2026-5182
A vulnerability was found in SourceCodester Teacher Record System 1.0. Impacted is an unknown function of the file Teacher Record System of the component Parameter Handler. Performing a manipulation of the argument searchteacher results in sql injection. It is possible to initiate the attack...
CVE-2026-5181
A vulnerability has been found in SourceCodester Simple Doctors Appointment System up to 1.0. This issue affects some unknown processing of the file /doctorsappointment/admin/ajax.php?action=savecategory. Such manipulation of the argument img leads to unrestricted upload. The attack may be...