CVE-2025-12855

The CVE-2025-12855 entry covers code-projects Responsive Hotel Site 1.0, where the /admin/newsletterdel.php file is vulnerable. The root cause is lack of validation of the eid parameter, enabling SQL injection with remote exploitation. Multiple connected sources (CNVD, RH Red Hat, NVD mirrors, an...

PT-2025-45421

Name of the Vulnerable Software and Affected Versions code-projects Responsive Hotel Site version 1.0 Description A security flaw exists in code-projects Responsive Hotel Site version 1.0, specifically within the processing of the /admin/newsletterdel.php file. Manipulation of the eid argument ca...

Code-Projects Responsive Hotel Site SQL注入漏洞

Responsive Hotel Site is a responsive hotel website. Responsive Hotel Site suffers from a SQL injection vulnerability that originates from a lack of validation of externally entered SQL statements in the parameter rid in the file /admin/roombook.php. An attacker can exploit this vulnerability to...

CVE-2025-12593 code-projects Simple Online Hotel Reservation System Photo edit_room.php unrestricted upload

A vulnerability was identified in code-projects Simple Online Hotel Reservation System 2.0. The impacted element is an unknown function of the file /admin/editroom.php of the component Photo Handler. The manipulation leads to unrestricted upload. The attack is possible to be carried out remotely...

CVE-2025-12593

CVE-2025-12593 affects code-projects Simple Online Hotel Reservation System 2.0. The Photo Handler component, via /admin/edit_room.php, lacks validation for uploaded files, enabling unrestricted file uploads. Exploitation is possible remotely and a public exploit exists. Connected sources do not ...

PT-2025-44732

Name of the Vulnerable Software and Affected Versions code-projects Simple Online Hotel Reservation System version 2.0 Description A security flaw exists in code-projects Simple Online Hotel Reservation System 2.0. The issue involves a SQL injection affecting an unknown function within the...

CVE-2025-63622

A vulnerability was found in code-projects Online Complaint Site 1.0. This issue affects some unknown processing of the file /cms/admin/subcategory.php. This manipulation of the argument category causes SQL injection...

EUVD-2025-36669

A vulnerability was found in code-projects Online Complaint Site 1.0. This issue affects some unknown processing of the file /cms/admin/subcategory.php. This manipulation of the argument category causes SQL injection...

CVE-2025-63622

A vulnerability was found in code-projects Online Complaint Site 1.0. This issue affects some unknown processing of the file /cms/admin/subcategory.php. This manipulation of the argument category causes SQL injection...

Code-Projects Online Complaint Site 安全漏洞

Code-Projects Online Complaint Site is an online complaint site for Code-Projects. A security vulnerability exists in Code-Projects Online Complaint Site version 1.0, which stems from incorrect manipulation of the parameter category in the file /cms/admin/subcategory.php, which could lead to a SQ...

CVE-2025-63622

A vulnerability was found in code-projects Online Complaint Site 1.0. This issue affects some unknown processing of the file /cms/admin/subcategory.php. This manipulation of the argument category causes SQL injection...

PT-2025-44307

Name of the Vulnerable Software and Affected Versions code-projects Online Complaint Site version 1.0 Description A flaw exists in the processing of the file '/cms/admin/subcategory.php' within the software. The issue involves a SQL injection that occurs due to manipulation of the category...

CVE-2025-12334

A vulnerability was found in code-projects E-Commerce Website 1.0. Affected is an unknown function of the file /pages/productadd.php. The manipulation of the argument prodname/proddesc/prodcost results in cross site scripting. It is possible to launch the attack remotely. The exploit has been mad...

CVE-2025-12282

A vulnerability was identified in code-projects Client Details System 1.0. The affected element is an unknown function of the file /admin/manage-users.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit is publicly available and might be used...

CVE-2025-12263

A vulnerability was identified in code-projects Online Event Judging System 1.0. Affected is an unknown function of the file /editjudge.php. The manipulation of the argument judgeid leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used...

CVE-2025-12378 code-projects Simple Food Ordering System addproduct.php unrestricted upload

A security flaw has been discovered in code-projects Simple Food Ordering System 1.0. This issue affects some unknown processing of the file /addproduct.php. Performing manipulation of the argument photo results in unrestricted upload. The attack may be initiated remotely. The exploit has been...

CVE-2025-12335

A vulnerability was determined in code-projects E-Commerce Website 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/supplierupdate.php. This manipulation of the argument suppname/suppaddress causes cross site scripting. The attack can be initiated remotely. The...

CVE-2025-12335

A vulnerability was determined in code-projects E-Commerce Website 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/supplierupdate.php. This manipulation of the argument suppname/suppaddress causes cross site scripting. The attack can be initiated remotely. The...

Code-Projects Simple Food Ordering System 代码问题漏洞

Simple Food Ordering System is a simple food ordering system. Simple Food Ordering System has a file upload vulnerability that stems from the lack of valid validation of uploaded files by the parameter photo in the file /addproduct.php. No details of the vulnerability are available at this time...

CVE-2025-12335

CVE-2025-12335 affects code-projects E-Commerce Website 1.0. The vulnerability resides in /pages/supplier_update.php where unsafely handling the supp_name and supp_address parameters enables cross-site scripting. The issue can be triggered remotely, and the exploit has been publicly disclosed. Mu...