
16 matches found

CVE
added 2026/04/08 10:15 p.m. · 4 views

CVE-2026-5811

Affected product: SourceCodester Online Food Ordering System 1.0. The CVE stems from the POST Parameter Handler, specifically the save_product function in Actions.php, where manipulating the price parameter leads to business logic errors. Impact is described as remote exploitation with publicly a...

5.5 CVSS · 5.8 AI score · 0.00051 EPSS
Exploits: 0 · References: 5
EUVD
added 2026/03/27 6:31 p.m. · 0 views

EUVD-2026-16678

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file, specifically the savecategory action. The application fails to properly sanitize user input supplied to the "name" parameter. This allows an authenticated attacker to inject malicious S...

8.8 CVSS · 6 AI score · 0.00017 EPSS
Exploits: 1 · References: 2
Cvelist
added 2026/03/27 12:0 a.m. · 18 views

CVE-2026-30531

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file, specifically the savecategory action. The application fails to properly sanitize user input supplied to the "name" parameter. This allows an authenticated attacker to inject malicious S...

0.00017 EPSS
Exploits: 1 · References: 1
Cvelist
added 2026/03/27 12:0 a.m. · 17 views

CVE-2026-30530

A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file, specifically the savecustomer action. The application fails to properly sanitize user input supplied to the "username" parameter. This allows an attacker to inject malicious SQL command...

0.00018 EPSS
Exploits: 1 · References: 1
RedhatCVE
added 2026/01/09 10:43 a.m. · 3 views

CVE-2022-26267

Piwigo v12.2.0 was discovered to contain an information leak via the action parameter in /admin/maintenanceactions.php...

7.5 CVSS · 7.1 AI score · 0.00922 EPSS
Exploits: 1 · References: 1
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2025-24931

Malicious code in bioql PyPI...

9.8 CVSS · 7.5 AI score · 0.00072 EPSS
Exploits: 1 · References: 5
RedhatCVE
added 2025/08/16 6:19 p.m. · 5 views

CVE-2025-8973

A vulnerability has been found in SourceCodester Cashier Queuing System 1.0. Affected is an unknown function of the file /Actions.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and m...

9.8 CVSS · 7.7 AI score · 0.00072 EPSS
Exploits: 1 · References: 1
Cvelist
added 2025/08/14 6:2 p.m. · 8 views

CVE-2025-8973 SourceCodester Cashier Queuing System Actions.php sql injection

A vulnerability has been found in SourceCodester Cashier Queuing System 1.0. Affected is an unknown function of the file /Actions.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and m...

7.5 CVSS · 0.00072 EPSS
Exploits: 1 · References: 5
Vulnrichment
added 2025/08/14 6:2 p.m. · 3 views

CVE-2025-8973 SourceCodester Cashier Queuing System Actions.php sql injection

A vulnerability has been found in SourceCodester Cashier Queuing System 1.0. Affected is an unknown function of the file /Actions.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and m...

7.5 CVSS · 7.6 AI score · 0.00072 EPSS
Exploits: 1 · References: 5
CVE
added 2025/08/14 6:2 p.m. · 11 views

CVE-2025-8973

Summary: CVE-2025-8973 affects SourceCodester Cashier Queuing System 1.0. Affected component: the unknown function in the file /Actions.php where manipulating the Username argument leads to a SQL injection. The vulnerability appears exploitable remotely and has public disclosure. Root cause: impr...

9.8 CVSS · 7.6 AI score · 0.00072 EPSS
Exploits: 1 · References: 5 · Affected Software: 1
CNNVD
added 2025/08/14 12:0 a.m. · 2 views

SourceCodester Cashier Queuing System SQL injection vulnerability

SourceCodester Cashier Queuing System is an open source cashier queuing system from SourceCodester. A security vulnerability exists in SourceCodester Cashier Queuing System version 1.0, which originates from a SQL injection due to incorrect manipulation of the parameter Username in the file...

9.8 CVSS · 7.7 AI score · 0.00072 EPSS
Exploits: 1 · References: 6
Positive Technologies
added 2025/04/08 12:0 a.m. · 2 views

PT-2025-15416 · WordPress · Motors – Car Dealership & Classified Listings Plugin

Name of the Vulnerable Software and Affected Versions: Motors – Car Dealership & Classified Listings Plugin versions up to, and including, 1.4.66 Description: The issue allows authenticated attackers with Subscriber-level access and above to execute several initial set-up actions due to a missing...

4.3 CVSS · 5.5 AI score · 0.00251 EPSS
Exploits: 0 · References: 13
Positive Technologies
added 2024/03/27 12:0 a.m. · 2 views

PT-2024-23209 · Sourcecodester · Sourcecodester Simple Subscription Website

Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Subscription Website version 1.0 Description: A critical vulnerability has been found in the software. The issue is related to the manipulation of the title argument, which leads to SQL injection. This can be exploited...

8.8 CVSS · 8 AI score · 0.00108 EPSS
Exploits: 1 · References: 8
VulnCheck KEV
added 2023/02/02 12:0 a.m. · 1 views

VulnCheck KEV: CVE-2020-20627

The includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin through 2.5.9 for WordPress allows unauthenticated settings change...

5.3 CVSS · 6 AI score · 0.02812 EPSS
Exploits: 0 · References: 1
OSV
added 2022/10/14 7:15 a.m. · 1 views

CVE-2022-3495

A vulnerability has been found in SourceCodester Simple Online Public Access Catalog 1.0 and classified as critical. This vulnerability affects unknown code of the file /opac/Actions.php?a=login of the component Admin Login. The manipulation of the argument username/password leads to sql injectio...

7.2 CVSS · 5.7 AI score
Exploits: 0 · References: 2
Packet Storm
added 2021/09/30 12:0 a.m. · 405 views

Pharmacy Point Of Sale System 1.0 SQL Injection

Exploit Title: Pharmacy Point of Sale System 1.0 - 'Multiple' SQL Injection SQLi Date: 28.09.2021 Exploit Author: Murat Vendor Homepage: https://www.sourcecodester.com/php/14957/pharmacy-point-sale-system-using-php-and-sqlite-free-source-code.html Software Link:...

0.1 AI score
Exploits: 0