CVE-2026-9417

CVE-2026-9417 affects code-projects Employee Management System 1.0. The vulnerability is in the /myprofileup.php file where manipulating the argument ID enables cross-site scripting (XSS). The issue is exploitable remotely, and the exploit is public. No explicit remediation or affected versions b...

CVE-2026-9416

CVE-2026-9416 affects code-projects Employee Management System 1.0, specifically the /myprofile.php handler. The vulnerability arises from manipulating the ID argument to trigger a cross-site scripting (XSS) condition. The issue is exploitable remotely with user interaction required, and CVSS ind...

CVE-2026-9416 code-projects Employee Management System myprofile.php cross site scripting

A security vulnerability has been detected in code-projects Employee Management System 1.0. This impacts an unknown function of the file /myprofile.php. Such manipulation of the argument ID leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed publicly...

CVE-2026-9416 code-projects Employee Management System myprofile.php cross site scripting

A security vulnerability has been detected in code-projects Employee Management System 1.0. This impacts an unknown function of the file /myprofile.php. Such manipulation of the argument ID leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed publicly...

Code-Projects Employee Management System 代码注入漏洞

Code-Projects Employee Management System is a Code-Projects open source employee management system. A code injection vulnerability exists in code-projects Employee Management System version 1.0, which originates from the manipulation of the parameter ID by an unknown function in the /applyleave.p...

PT-2026-42991

A security vulnerability has been detected in code-projects Employee Management System 1.0. This impacts an unknown function of the file /myprofile.php. Such manipulation of the argument ID leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed publicly...

CVE-2026-8125 code-projects Simple Chat System sendMessage.php sql injection

A vulnerability was detected in code-projects Simple Chat System 1.0. This vulnerability affects unknown code of the file sendMessage.php. The manipulation of the argument type/length/business parameter validity results in sql injection. The attack may be launched remotely. The exploit is now...

CVE-2026-8098 code-projects Feedback System checklogin.php sql injection

A security vulnerability has been detected in code-projects Feedback System 1.0. Impacted is an unknown function of the file /admin/checklogin.php. Such manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly...

CVE-2026-7716 code-projects Gym Management System In PHP/Windows NT index.php sql injection

A vulnerability was found in code-projects Gym Management System In PHP and Windows NT 1.0. This vulnerability affects unknown code of the file /index.php. Performing a manipulation of the argument day results in sql injection. The attack can be initiated remotely. The exploit has been made publi...

CVE-2026-7632 code-projects Online Hospital Management System viewappointment.php sql injection

A vulnerability was determined in code-projects Online Hospital Management System 1.0. This affects an unknown function of the file /viewappointment.php. This manipulation of the argument delid causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly...

Code-Projects Online Hospital Management System 注入漏洞

Code-Projects Online Hospital Management System is an open-source online hospital management system developed by Code-Projects. Version 1.0 of the Code-Projects Online Hospital Management System has a vulnerability related to SQL injection, which arises from the use of unknown functions in the/vi...

CVE-2026-7110

A flaw has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /item. Executing a manipulation of the argument item name/description can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published an...

CVE-2026-7238

A vulnerability in code-projects Online Music Site 1.0 affects Administrator/PHP/AdminUpdateAlbum.php where manipulation of the txtimage argument enables unrestricted file upload. This remote exploitation is possible and an exploit has been published. The CVSS metrics indicate a Network attacker ...

CVE-2026-7229

CVE-2026-7229 affects code-projects Coaching Management System 1.0. The vulnerability resides in the POST Handler for the admin reply.php function under /cims/modules/admin/reply.php, where manipulating the complaintreply argument causes SQL injection. Remote execution is possible, and the exploi...

CVE-2026-7222 code-projects Coaching Management System Complaint Form complaint.php cross site scripting

A vulnerability was determined in code-projects Coaching Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /cims/modules/student/complaint.php of the component Complaint Form Page. This manipulation of the argument Complaint causes cross site scripting...

Code-Projects Online Music Site 访问控制错误漏洞

Code-Projects Online Music Site is an online music website developed by Code-Projects as open source. Version 1.0 of Code-Projects Online Music Site has a vulnerability related to access control. This vulnerability stems from the unlimited upload feature of the txtimage parameter in the...

CVE-2026-7134 code-projects Online Lot Reservation System edithousepic.php unrestricted upload

A vulnerability was identified in code-projects Online Lot Reservation System 1.0. Affected is an unknown function of the file /edithousepic.php. Such manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit is publicly available and might ...

CVE-2026-7133

The CVE-2026-7133 entry affects code-projects Online Lot Reservation System 1.0, specifically a vulnerability in /activity.php where manipulating the directory argument enables unrestricted upload. This can be triggered remotely and has publicly disclosed exploit details. The connected documents ...

CVE-2026-7133 code-projects Online Lot Reservation System activity.php unrestricted upload

A vulnerability was determined in code-projects Online Lot Reservation System 1.0. This impacts an unknown function of the file /activity.php. This manipulation of the argument directory causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and...

CVE-2026-7131

The CVE-2026-7131 entry concerns code-projects Online Lot Reservation System (up to 1.0). The vulnerable component is an unknown function in /loginuser.php, where manipulation of the email/password parameters allows a SQL injection. The issue is exploitable remotely and, per the records, exploits...