374 matches found
CVE-2026-14694
A vulnerability has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this issue is the function cancelorder of the file classes/Master.php of the component POST Parameter Handler. The manipulation of the argument ID leads to sql injection. It is possible...
CVE-2026-14692
A vulnerability was detected in SourceCodester Multi-Vendor Online Grocery Management System 1.0/5.7.26. Affected is the function saveshoptype of the file classes/Master.php of the component POST Parameter Handler. Performing a manipulation results in sql injection. The attack is possible to be...
CVE-2026-14694
SourceCodester Multi-Vendor Online Grocery Management System 1.0 is affected. The issue lies in the cancel_order function (classes/Master.php, POST Parameter Handler) where manipulating the ID parameter enables SQL injection. The vulnerability can be exploited remotely and the exploit has been di...
CVE-2026-14693
SourceCodester Multi-Vendor Online Grocery Management System 1.0 contains a vulnerability in the cancel_order function (classes/Master.php) that allows improper authorization via remote manipulation. The issue has an exploit published and is considered exploitable with proof-of-concept maturity. ...
CVE-2026-14692
The CVE-2026-14692 entry concerns SourceCodester Multi-Vendor Online Grocery Management System 1.0/5.7.26 where the function save_shop_type in classes/Master.php (POST Parameter Handler) is vulnerable to SQL injection. The vulnerability can be exploited remotely, and the exploit is publicly avail...
PT-2026-55755
Name of the Vulnerable Software and Affected Versions SourceCodester Multi-Vendor Online Grocery Management System versions 1.0 through 5.7.26 Description Remote manipulation of the POST Parameter Handler component leads to SQL injection, a technique where malicious SQL statements are inserted in...
CVE-2026-11501 SourceCodester Hospitals Patient Records Management System Master.php save_patient sql injection
A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. This issue affects some unknown processing of the file /classes/Master.php?f=savepatient. The manipulation of the argument ID results in sql injection. It is possible to launch the attack...
CVE-2026-9355
A flaw has been found in SourceCodester Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /classes/Master.php?f=savepatienthistory. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely...
CVE-2026-9355 SourceCodester Hospitals Patient Records Management System Master.php save_patient_history sql injection
A flaw has been found in SourceCodester Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /classes/Master.php?f=savepatienthistory. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely...
PT-2026-22753
Sourcecodester Simple Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /classes/Master.php?f=delete service...
SourceCodester Online Mens Salon Management 安全漏洞
SourceCodester Online Mens Salon Management is an open-source online men’s salon management system developed by SourceCodester. Version 1.0 of SourceCodester Online Mens Salon Management contains a security vulnerability, which stems from SQL injection in the /classes/Master.php?f=deleteservice...
PT-2026-21246
Name of the Vulnerable Software and Affected Versions SourceCodester Simple Responsive Tourism Website version 1.0 Description A flaw exists in SourceCodester Simple Responsive Tourism Website that allows for SQL injection. This issue is related to the manipulation of the Username argument within...
CVE-2026-2160
The CVE-2026-2160 entry affects SourceCodester Simple Responsive Tourism Website 1.0. Affected component: /tourism/classes/Master.php?f=save_package. The vulnerability arises from manipulating the Title parameter, enabling cross-site scripting. Exploitation can be performed remotely and public ex...
CVE-2026-2159 SourceCodester Simple Responsive Tourism Website Registration Master.php cross site scripting
A flaw has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected is an unknown function of the file /tourism/classes/Master.php?f=register of the component Registration. Executing a manipulation of the argument firstname/lastname/username can lead to cross site scripting. I...
CVE-2022-33058
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=deletemessage...
CVE-2022-31973
Online Fire Reporting System v1.0 is vulnerable to Delete any file via /ofrs/classes/Master.php?f=deleteimg...
CVE-2022-31906
Online Fire Reporting System v1.0 is vulnerable to Cross Site Scripting XSS via /ofrs/classes/Master.php...
CVE-2022-31912
Online Tutor Portal Site v1.0 is vulnerable to SQL Injection via /otps/classes/Master.php?f=deleteteam...
CVE-2022-31354
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=getvehicleservice...
CVE-2022-31945
Rescue Dispatch Management System v1.0 is vulnerable to Delete any file via /rdms/classes/Master.php?f=deleteimg...