CVE-2026-4900 code-projects Online Food Ordering System localhost.sql privilege escalation

A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unknown part of the file /dbfood/localhost.sql. This manipulation causes files or directories accessible. The attack can be initiated remotely. The exploit has been made available to the public and...

CVE-2026-4900 code-projects Online Food Ordering System localhost.sql privilege escalation

A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unknown part of the file /dbfood/localhost.sql. This manipulation causes files or directories accessible. The attack can be initiated remotely. The exploit has been made available to the public and...

CVE-2026-4899

The CVE-2026-4899 entry concerns code-projects Online Food Ordering System 1.0. The issue affects the file /dbfood/food.php, where manipulation of the cuisines parameter leads to cross-site scripting. The description states the attack can be launched remotely and that the exploit has been release...

CVE-2026-4899 code-projects Online Food Ordering System food.php cross site scripting

A security flaw has been discovered in code-projects Online Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file /dbfood/food.php. The manipulation of the argument cuisines results in cross site scripting. It is possible to launch the attack remotely. The...

CVE-2026-4898 code-projects Online Food Ordering System contact.php cross site scripting

A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /dbfood/contact.php. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The...

CVE-2026-4898 code-projects Online Food Ordering System contact.php cross site scripting

A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /dbfood/contact.php. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The...

CVE-2026-4784

A vulnerability was found in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /checkcheckout.php of the component Parameter Handler. The manipulation of the argument serviceId results in sql injection. It is possible to launch the attack remotely. The exploit...

CVE-2026-4850 code-projects Simple Laundry System Parameter checkregisitem.php sql injection

A security flaw has been discovered in code-projects Simple Laundry System 1.0. Affected is an unknown function of the file /checkregisitem.php of the component Parameter Handler. The manipulation of the argument Long-arm-shirtVol results in sql injection. The attack may be launched remotely. The...

CVE-2026-4850 code-projects Simple Laundry System Parameter checkregisitem.php sql injection

A security flaw has been discovered in code-projects Simple Laundry System 1.0. Affected is an unknown function of the file /checkregisitem.php of the component Parameter Handler. The manipulation of the argument Long-arm-shirtVol results in sql injection. The attack may be launched remotely. The...

CVE-2026-4849 code-projects Simple Laundry System Parameter modify.php cross site scripting

A vulnerability was identified in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /modify.php of the component Parameter Handler. The manipulation of the argument firstName leads to cross site scripting. The attack may be initiated remotely. The exploit is...

CVE-2026-4849

CVE-2026-4849 affects code-projects Simple Laundry System 1.0. The vulnerability is in the /modify.php file within the Parameter Handler, where manipulating the firstName argument leads to cross-site scripting (XSS). The impact is described as Low integrity impact with no confidentiality or avail...

CVE-2026-4844 code-projects Online Food Ordering System Admin Login admin.php sql injection

A vulnerability was detected in code-projects Online Food Ordering System 1.0. This issue affects some unknown processing of the file /admin.php of the component Admin Login Module. The manipulation of the argument Username results in sql injection. The attack may be performed from remote. The...

CVE-2026-4836 code-projects Accounting System delete.php sql injection

A vulnerability was detected in code-projects Accounting System 1.0. The affected element is an unknown function of the file /myaccount/delete.php. Performing a manipulation of the argument cosid results in sql injection. It is possible to initiate the attack remotely. The exploit is now public a...

CVE-2026-4836

CVE-2026-4836 affects code-projects Accounting System 1.0. The vulnerability lies in the delete.php handling of the cos_id parameter, enabling SQL injection. Exploitation is possible remotely and exploitation is demonstrated as a Proof-of-Concept in the references. The CVSS metrics indicate a MED...

CVE-2026-4836 code-projects Accounting System delete.php sql injection

A vulnerability was detected in code-projects Accounting System 1.0. The affected element is an unknown function of the file /myaccount/delete.php. Performing a manipulation of the argument cosid results in sql injection. It is possible to initiate the attack remotely. The exploit is now public a...

CVE-2026-4835 code-projects Accounting System Web Application add_costumer.php cross site scripting

A security vulnerability has been detected in code-projects Accounting System 1.0. Impacted is an unknown function of the file /myaccount/addcostumer.php of the component Web Application Interface. Such manipulation of the argument costumername leads to cross site scripting. The attack may be...

CVE-2026-4835 code-projects Accounting System Web Application add_costumer.php cross site scripting

A security vulnerability has been detected in code-projects Accounting System 1.0. Impacted is an unknown function of the file /myaccount/addcostumer.php of the component Web Application Interface. Such manipulation of the argument costumername leads to cross site scripting. The attack may be...

CVE-2026-4835

The CVE covers code-projects Accounting System 1.0, where the argument costumer_name in /my_account/add_costumer.php can be manipulated to trigger cross-site scripting in the Web Application Interface. The vulnerability is exploitable remotely and the exploit is public. Impact is limited to low i...

Code-Projects Simple Laundry System 代码注入漏洞

Code-Projects Simple Laundry System is an open-source system developed by Code-Projects, designed for managing laundry shop operations. It offers features such as order management, customer management, and inventory management. Version 1.0 of Code-Projects Simple Laundry System contains a code...

Code-Projects Online Food Ordering System SQL注入漏洞

The Code-Projects Online Food Ordering System is an open-source online meal ordering system developed by Code-Projects. Version 1.0 of the Code-Projects Online Food Ordering System contains a SQL injection vulnerability. This vulnerability stems from incorrect handling of the 'del' parameter in t...