374 matches found
CVE-2026-14694
A vulnerability has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this issue is the function cancelorder of the file classes/Master.php of the component POST Parameter Handler. The manipulation of the argument ID leads to sql injection. It is possible...
CVE-2026-14692
A vulnerability was detected in SourceCodester Multi-Vendor Online Grocery Management System 1.0/5.7.26. Affected is the function saveshoptype of the file classes/Master.php of the component POST Parameter Handler. Performing a manipulation results in sql injection. The attack is possible to be...
CVE-2026-14694
SourceCodester Multi-Vendor Online Grocery Management System 1.0 is affected. The issue lies in the cancel_order function (classes/Master.php, POST Parameter Handler) where manipulating the ID parameter enables SQL injection. The vulnerability can be exploited remotely and the exploit has been di...
CVE-2026-14693
SourceCodester Multi-Vendor Online Grocery Management System 1.0 contains a vulnerability in the cancel_order function (classes/Master.php) that allows improper authorization via remote manipulation. The issue has an exploit published and is considered exploitable with proof-of-concept maturity. ...
CVE-2026-14692
The CVE-2026-14692 entry concerns SourceCodester Multi-Vendor Online Grocery Management System 1.0/5.7.26 where the function save_shop_type in classes/Master.php (POST Parameter Handler) is vulnerable to SQL injection. The vulnerability can be exploited remotely, and the exploit is publicly avail...
PT-2026-55755
Name of the Vulnerable Software and Affected Versions SourceCodester Multi-Vendor Online Grocery Management System versions 1.0 through 5.7.26 Description Remote manipulation of the POST Parameter Handler component leads to SQL injection, a technique where malicious SQL statements are inserted in...
CVE-2026-11501 SourceCodester Hospitals Patient Records Management System Master.php save_patient sql injection
A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. This issue affects some unknown processing of the file /classes/Master.php?f=savepatient. The manipulation of the argument ID results in sql injection. It is possible to launch the attack...
CVE-2026-9355
A flaw has been found in SourceCodester Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /classes/Master.php?f=savepatienthistory. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely...
CVE-2026-9355 SourceCodester Hospitals Patient Records Management System Master.php save_patient_history sql injection
A flaw has been found in SourceCodester Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /classes/Master.php?f=savepatienthistory. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely...
SourceCodester Online Mens Salon Management 安全漏洞
SourceCodester Online Mens Salon Management is an open-source online men’s salon management system developed by SourceCodester. Version 1.0 of SourceCodester Online Mens Salon Management contains a security vulnerability, which stems from SQL injection in the /classes/Master.php?f=deleteservice...
PT-2026-22753
Sourcecodester Simple Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /classes/Master.php?f=delete service...
PT-2026-21246
Name of the Vulnerable Software and Affected Versions SourceCodester Simple Responsive Tourism Website version 1.0 Description A flaw exists in SourceCodester Simple Responsive Tourism Website that allows for SQL injection. This issue is related to the manipulation of the Username argument within...
CVE-2026-2160
The CVE-2026-2160 entry affects SourceCodester Simple Responsive Tourism Website 1.0. Affected component: /tourism/classes/Master.php?f=save_package. The vulnerability arises from manipulating the Title parameter, enabling cross-site scripting. Exploitation can be performed remotely and public ex...
CVE-2026-2159 SourceCodester Simple Responsive Tourism Website Registration Master.php cross site scripting
A flaw has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected is an unknown function of the file /tourism/classes/Master.php?f=register of the component Registration. Executing a manipulation of the argument firstname/lastname/username can lead to cross site scripting. I...
CVE-2022-33058
Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=deletemessage...
CVE-2022-31973
Online Fire Reporting System v1.0 is vulnerable to Delete any file via /ofrs/classes/Master.php?f=deleteimg...
CVE-2022-31906
Online Fire Reporting System v1.0 is vulnerable to Cross Site Scripting XSS via /ofrs/classes/Master.php...
CVE-2022-31912
Online Tutor Portal Site v1.0 is vulnerable to SQL Injection via /otps/classes/Master.php?f=deleteteam...
CVE-2022-31354
Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=getvehicleservice...
CVE-2022-31945
Rescue Dispatch Management System v1.0 is vulnerable to Delete any file via /rdms/classes/Master.php?f=deleteimg...