PT-2026-35381

A security vulnerability has been detected in code-projects Invoice System in Laravel 1.0. This affects an unknown function. Such manipulation leads to cross-site request forgery. The attack may be performed from remote. The exploit has been disclosed publicly and may be used...

Code-Projects Online Lot Reservation System 注入漏洞

Code-Projects Online Lot Reservation System is an open-source online reservation system developed by Code-Projects. Versions of the Code-Projects Online Lot Reservation System prior to 1.0 contained a SQL injection vulnerability, which stemmed from the handling of parameters email/password in the...

Code-Projects Invoice System in Laravel 安全漏洞

Code-Projects Invoice System in Laravel is an open-source invoice system developed by Code-Projects. Version 1.0 of the Code-Projects Invoice System in Laravel contained a security vulnerability. This vulnerability stemmed from an unknown function in the API Endpoint component, specifically the...

Code-Projects Inventory Management System 注入漏洞

The Code-Projects Inventory Management System is an open-source inventory management system developed by Code-Projects. Version 1.0 of the Code-Projects Inventory Management System has a vulnerability related to injection attacks. This vulnerability stems from the handling of the Username paramet...

Code-Projects Online Lot Reservation System 路径遍历漏洞

The Code-Projects Online Lot Reservation System is an open-source online reservation system developed by Code-Projects. Versions of the system prior to 1.0 contained a path traversal vulnerability. This vulnerability stemmed from the readfile function in the file/download.php, which handled the...

Code-Projects Invoice System in Laravel 访问控制错误漏洞

Code-Projects Invoice System in Laravel is an open-source invoice system developed by Code-Projects. Version 1.0 of the Code-Projects Invoice System in Laravel contained a access control vulnerability. This vulnerability was caused by an unknown function in the /company file, which allowed...

PT-2026-35447

A vulnerability was identified in code-projects Online Lot Reservation System 1.0. Affected is an unknown function of the file /edithousepic.php. Such manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit is publicly available and might ...

Code-Projects Employee Management System 注入漏洞

Code-Projects Employee Management System is an open-source employee management system developed by Code-Projects. Version 1.0 of the Code-Projects Employee Management System has a SQL injection vulnerability. This vulnerability arises from the operation of an unknown function in the...

Code-Projects Online Lot Reservation System 访问控制错误漏洞

The Code-Projects Online Lot Reservation System is an open-source online reservation system developed by Code-Projects. Version 1.0 of the Code-Projects Online Lot Reservation System contains a vulnerability related to access control. This vulnerability stems from the handling of the directory...

Code-Projects Employee Management System 注入漏洞

Code-Projects Employee Management System is an open-source employee management system developed by Code-Projects. Version 1.0 of the Code-Projects Employee Management System has a SQL injection vulnerability. This vulnerability arises from unknown operations on parameter IDs in the...

Code-Projects Chat System 加密问题漏洞

Code-Projects Chat System is an open-source chat system developed by Code-Projects. Version 1.0 of the code-projects Chat System has a security vulnerability related to encryption. This vulnerability stems from the parameter “Password” in the MD5 Hash Handler component’s “updateuser.php” file,...

Code-Projects Invoice System in Laravel 安全漏洞

Code-Projects Invoice System in Laravel is an open-source invoice system developed by Code-Projects. Version 1.0 of the Code-Projects Invoice System in Laravel contained a security vulnerability. This vulnerability stemmed from improper handling of parameter IDs in the .profile/ file within the...

CVE-2026-7063

The CVE-2026-7063 entry concerns code-projects Employee Management System 1.0, specifically the Endpoint component’s file /370project/process/eprocess.php. The vulnerability arises from manipulating the pwd argument, leading to SQL injection. Exploitation is described as remote and the exploit is...

CVE-2026-7063 code-projects Employee Management System Endpoint eprocess.php sql injection

A vulnerability was detected in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file /370project/process/eprocess.php of the component Endpoint. Performing a manipulation of the argument pwd results in sql injection. The attack is possible to be carrie...

Code-Projects Employee Management System 注入漏洞

Code-Projects Employee Management System is an open-source employee management system developed by Code-Projects. Version 1.0 of the Code-Projects Employee Management System has a SQL injection vulnerability. This vulnerability arises from improper handling of the pwd parameter in the...

CVE-2026-6202 code-projects Easy Blog Site post.php sql injection

A security flaw has been discovered in code-projects Easy Blog Site 1.0. This affects an unknown function of the file post.php. Performing a manipulation of the argument tags results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be use...

CVE-2026-6202 code-projects Easy Blog Site post.php sql injection

A security flaw has been discovered in code-projects Easy Blog Site 1.0. This affects an unknown function of the file post.php. Performing a manipulation of the argument tags results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be use...

Stored-Cross-Site-Scripting-XSS-in-Donor-Registration-Leading-to-Admin-Session-Hijacking

Stored XSS in BloodBank Managing System — Donor Registration...

CVE-2026-6184

The vulnerability CVE-2026-6184 affects code-projects Simple Content Management System 1.0. A weakness exists in an unknown part of /web/admin/welcome.php where manipulating the argument News Title can result in cross-site scripting. Exploitation can be performed remotely, and public exploits are...

CVE-2026-6183 code-projects Simple Content Management System index.php sql injection

A security flaw has been discovered in code-projects Simple Content Management System 1.0. Affected by this issue is some unknown functionality of the file /web/index.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The...