CVE-2025-9921 code-projects POS Pharmacy System products.php cross site scripting

A weakness has been identified in code-projects POS Pharmacy System 1.0. Affected is an unknown function of the file /main/products.php. This manipulation of the argument productcode/genname/productname/supplier causes cross site scripting. The attack can be initiated remotely. The exploit has be...

CVE-2025-9921

CVE-2025-9921 affects Code-projects POS Pharmacy System 1.0. The vulnerability is a cross-site scripting (XSS) flaw in an unknown function of the file /main/products.php, triggered by manipulating one or more arguments—product_code, gen_name, product_name, or supplier. The issue can be exploited ...

Code-Projects POS Pharmacy System 安全漏洞

Code-Projects POS Pharmacy System is a pos pharmacy system from Code-Projects open source. A security vulnerability exists in Code-Projects POS Pharmacy System version 1.0, which originates from a cross-site scripting attack due to incorrect manipulation of the parameters...

CVE-2025-9841 code-projects Mobile Shop Management System AddNewProduct.php unrestricted upload

A security vulnerability has been detected in code-projects Mobile Shop Management System 1.0. This affects an unknown function of the file AddNewProduct.php. The manipulation of the argument ProductImage leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit...

CVE-2025-9741

A vulnerability was determined in code-projects Human Resource Integrated System 1.0. This vulnerability affects unknown code of the file /loginquery12.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly...

CVE-2025-9741

A vulnerability was determined in code-projects Human Resource Integrated System 1.0. This vulnerability affects unknown code of the file /loginquery12.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly...

CVE-2025-9742 code-projects Human Resource Integrated System login.php sql injection

A vulnerability was identified in code-projects Human Resource Integrated System 1.0. This issue affects some unknown processing of the file /login.php. Such manipulation of the argument user/pass leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly...

CVE-2025-9742

CVE-2025-9742 affects code-projects' Human Resource Integrated System 1.0. The vulnerability arises from improper handling of the login.php input, where manipulation of the user/pass parameters enables SQL injection. Impact stated in sources includes potential remote exploitation and data exposur...

CVE-2025-9742 code-projects Human Resource Integrated System login.php sql injection

A vulnerability was identified in code-projects Human Resource Integrated System 1.0. This issue affects some unknown processing of the file /login.php. Such manipulation of the argument user/pass leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly...

CVE-2025-9741

Summary: CVE-2025-9741 affects code-projects Human Resource Integrated System 1.0, specifically the /login_query12.php file. The issue is a SQL injection caused by lack of validation of the ID parameter in that file. An attacker can remotely exploit this vulnerability, and a public exploit exists...

CVE-2025-9741 code-projects Human Resource Integrated System login_query12.php sql injection

A vulnerability was determined in code-projects Human Resource Integrated System 1.0. This vulnerability affects unknown code of the file /loginquery12.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly...

CVE-2025-9740

CVE-2025-9740 affects code-projects Human Resource Integrated System 1.0. The vulnerability is in /log_query.php where manipulation of the ID parameter enables SQL injection, with remote exploitation and public availability of the exploit. Multiple sources corroborate the issue across vendors and...

CVE-2025-9733

A security flaw has been discovered in code-projects Human Resource Integrated System 1.0. This impacts an unknown function of the file /logintimeee.php. Performing manipulation of the argument empid results in sql injection. The attack may be initiated remotely. The exploit has been released to...

CVE-2025-9733 code-projects Human Resource Integrated System login_timeee.php sql injection

A security flaw has been discovered in code-projects Human Resource Integrated System 1.0. This impacts an unknown function of the file /logintimeee.php. Performing manipulation of the argument empid results in sql injection. The attack may be initiated remotely. The exploit has been released to...

CVE-2025-9733

CVE-2025-9733 affects code-projects Human Resource Integrated System 1.0. The vulnerable component is the file /login_timeee.php where manipulation of the parameter emp_id enables SQL injection . Root cause is insufficient validation/handling of external input in that parameter, allowing remote e...

PT-2025-35424

Name of the Vulnerable Software and Affected Versions: code-projects Human Resource Integrated System version 1.0 Description: A security flaw exists in code-projects Human Resource Integrated System version 1.0. The issue involves a SQL injection affecting an unknown function within the login...

CVE-2025-9667

Summary: CVE-2025-9667 affects code-projects Simple Grading System 1.0, specifically the Admin Panel file /delete_account.php. The vulnerability arises from improper handling of the ID parameter, allowing SQL injection that can be exploited remotely and publicly disclosed. Affected component: Sim...

CVE-2025-9665 code-projects Simple Grading System Admin Panel edit_student.php sql injection

A weakness has been identified in code-projects Simple Grading System 1.0. Affected by this vulnerability is an unknown functionality of the file /editstudent.php of the component Admin Panel. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The...

CVE-2025-9664

A security flaw has been discovered in code-projects Simple Grading System 1.0. Affected is an unknown function of the file /addstudentgrade.php of the component Admin Panel. The manipulation of the argument Add results in sql injection. It is possible to launch the attack remotely. The exploit h...

CVE-2025-9664 code-projects Simple Grading System Admin Panel add_student_grade.php sql injection

A security flaw has been discovered in code-projects Simple Grading System 1.0. Affected is an unknown function of the file /addstudentgrade.php of the component Admin Panel. The manipulation of the argument Add results in sql injection. It is possible to launch the attack remotely. The exploit h...