CVE-2026-7134 code-projects Online Lot Reservation System edithousepic.php unrestricted upload

A vulnerability was identified in code-projects Online Lot Reservation System 1.0. Affected is an unknown function of the file /edithousepic.php. Such manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit is publicly available and might ...

CVE-2026-7132 code-projects Online Lot Reservation System download.php readfile path traversal

A vulnerability was found in code-projects Online Lot Reservation System up to 1.0. This affects the function readfile of the file /download.php. The manipulation of the argument File results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and cou...

CVE-2026-7132

A vulnerability was found in code-projects Online Lot Reservation System up to 1.0. This affects the function readfile of the file /download.php. The manipulation of the argument File results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and cou...

Code-Projects Online Lot Reservation System 路径遍历漏洞

The Code-Projects Online Lot Reservation System is an open-source online reservation system developed by Code-Projects. Versions of the system prior to 1.0 contained a path traversal vulnerability. This vulnerability stemmed from the readfile function in the file/download.php, which handled the...

PT-2026-30599

A vulnerability has been found in code-projects Online Application System for Admission 1.0. This issue affects some unknown processing of the file /enrollment/admsnform.php of the component Endpoint. Such manipulation leads to sql injection. The attack can be executed remotely. The exploit has...

CVE-2026-4972 code-projects Online Reviewer System btn_functions.php cross site scripting

A security vulnerability has been detected in code-projects Online Reviewer System up to 1.0. Affected is an unknown function of the file /system/system/students/assessments/databank/btnfunctions.php. Such manipulation of the argument Description leads to cross site scripting. The attack may be...

CVE-2026-4972 code-projects Online Reviewer System btn_functions.php cross site scripting

A security vulnerability has been detected in code-projects Online Reviewer System up to 1.0. Affected is an unknown function of the file /system/system/students/assessments/databank/btnfunctions.php. Such manipulation of the argument Description leads to cross site scripting. The attack may be...

CVE-2026-3736 code-projects Simple Flight Ticket Booking System SearchResultRoundtrip.php sql injection

A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. Affected by this issue is some unknown functionality of the file SearchResultRoundtrip.php. Performing a manipulation of the argument from results in sql injection. The attack may be initiated remotely. The exploi...

CVE-2026-2706

A flaw has been found in code-projects Patient Record Management System 1.0. This affects an unknown function of the file /fecalysisnot.php. This manipulation of the argument compid causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...

CVE-2026-2197

Code-projects Online Reviewer System 1.0 contains a SQL injection in an unknown function of /system/system/admins/assessments/pretest/exam-delete.php via the test_id parameter. The vulnerability can be exploited remotely and an exploit has been publicly disclosed. No additional remediation detail...

CVE-2026-2197 code-projects Online Reviewer System exam-delete.php sql injection

A vulnerability was determined in code-projects Online Reviewer System 1.0. Impacted is an unknown function of the file /system/system/admins/assessments/pretest/exam-delete.php. This manipulation of the argument testid causes sql injection. It is possible to initiate the attack remotely. The...

CVE-2026-2171 code-projects Online Student Management System Login accounts.php sql injection

A vulnerability was found in code-projects Online Student Management System 1.0. Affected is an unknown function of the file accounts.php of the component Login. Performing a manipulation of the argument username/password results in sql injection. The attack can be initiated remotely. The exploit...

CVE-2026-2171 code-projects Online Student Management System Login accounts.php sql injection

A vulnerability was found in code-projects Online Student Management System 1.0. Affected is an unknown function of the file accounts.php of the component Login. Performing a manipulation of the argument username/password results in sql injection. The attack can be initiated remotely. The exploit...

CVE-2026-2156

CVE-2026-2156 affects code-projects’ Online Student Management System version 1.0, specifically the Announcement Management Module . The vulnerability exists in an unknown function within the file /admin/announcement/index.php?view=add, enabling remote cross-site scripting through manipulation of...

PT-2026-6987

Name of the Vulnerable Software and Affected Versions code-projects Online Student Management System version 1.0 Description A flaw exists in the Announcement Management Module of code-projects Online Student Management System. This issue allows for cross site scripting through an unknown functio...

CVE-2026-1423

A vulnerability was determined in code-projects Online Examination System 1.0. Affected by this issue is some unknown functionality of the file /adminpic.php. Executing a manipulation can lead to unrestricted upload. The attack may be performed from remote. The exploit has been publicly disclosed...

CVE-2026-0850

A vulnerability was determined in code-projects Intern Membership Management System 1.0. Impacted is an unknown function of the file /admin/deleteactivity.php. Executing a manipulation of the argument activityid can lead to sql injection. The attack may be launched remotely. The exploit has been...

CVE-2026-0729 code-projects Intern Membership Management System add_activity.php sql injection

A vulnerability was detected in code-projects Intern Membership Management System 1.0. Impacted is an unknown function of the file /intern/admin/addactivity.php. Performing a manipulation of the argument Title results in sql injection. Remote exploitation of the attack is possible. The exploit is...

CVE-2026-0699

CVE-2026-0699 affects Code-Projects Intern Membership Management System 1.0. The vulnerability is an SQL injection in the /intern/admin/edit_activity.php function triggered by manipulating the activity_id parameter. Remote exploitation is possible and the exploit is public. Multiple sources agree...

CVE-2026-0698 code-projects Intern Membership Management System edit_students.php sql injection

A vulnerability has been found in code-projects Intern Membership Management System 1.0. This affects an unknown function of the file /intern/admin/editstudents.php. Such manipulation of the argument adminid leads to sql injection. The attack may be launched remotely. The exploit has been disclos...