Lucene search
K

374 matches found

NVD
NVD
added 2026/07/05 3:16 a.m.10 views

CVE-2026-14694

A vulnerability has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this issue is the function cancelorder of the file classes/Master.php of the component POST Parameter Handler. The manipulation of the argument ID leads to sql injection. It is possible...

6.5CVSS0.002EPSS
Exploits0References6
NVD
NVD
added 2026/07/05 3:16 a.m.9 views

CVE-2026-14692

A vulnerability was detected in SourceCodester Multi-Vendor Online Grocery Management System 1.0/5.7.26. Affected is the function saveshoptype of the file classes/Master.php of the component POST Parameter Handler. Performing a manipulation results in sql injection. The attack is possible to be...

6.5CVSS0.002EPSS
Exploits0References6
CVE
CVE
added 2026/07/05 2:30 a.m.15 views

CVE-2026-14694

SourceCodester Multi-Vendor Online Grocery Management System 1.0 is affected. The issue lies in the cancel_order function (classes/Master.php, POST Parameter Handler) where manipulating the ID parameter enables SQL injection. The vulnerability can be exploited remotely and the exploit has been di...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
CVE
CVE
added 2026/07/05 2:15 a.m.16 views

CVE-2026-14693

SourceCodester Multi-Vendor Online Grocery Management System 1.0 contains a vulnerability in the cancel_order function (classes/Master.php) that allows improper authorization via remote manipulation. The issue has an exploit published and is considered exploitable with proof-of-concept maturity. ...

5.5CVSS5.8AI score0.0023EPSS
Exploits0References6
CVE
CVE
added 2026/07/05 2:0 a.m.19 views

CVE-2026-14692

The CVE-2026-14692 entry concerns SourceCodester Multi-Vendor Online Grocery Management System 1.0/5.7.26 where the function save_shop_type in classes/Master.php (POST Parameter Handler) is vulnerable to SQL injection. The vulnerability can be exploited remotely, and the exploit is publicly avail...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.15 views

PT-2026-55755

Name of the Vulnerable Software and Affected Versions SourceCodester Multi-Vendor Online Grocery Management System versions 1.0 through 5.7.26 Description Remote manipulation of the POST Parameter Handler component leads to SQL injection, a technique where malicious SQL statements are inserted in...

6.5CVSS6.6AI score0.002EPSS
Exploits0References9
Cvelist
Cvelist
added 2026/06/08 9:15 a.m.42 views

CVE-2026-11501 SourceCodester Hospitals Patient Records Management System Master.php save_patient sql injection

A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. This issue affects some unknown processing of the file /classes/Master.php?f=savepatient. The manipulation of the argument ID results in sql injection. It is possible to launch the attack...

7.5CVSS0.00263EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/05/26 8:14 p.m.11 views

CVE-2026-9355

A flaw has been found in SourceCodester Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /classes/Master.php?f=savepatienthistory. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely...

7.5CVSS6.9AI score0.00254EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/24 4:45 a.m.19 views

CVE-2026-9355 SourceCodester Hospitals Patient Records Management System Master.php save_patient_history sql injection

A flaw has been found in SourceCodester Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /classes/Master.php?f=savepatienthistory. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely...

7.5CVSS0.00254EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/03/03 12:0 a.m.10 views

SourceCodester Online Mens Salon Management 安全漏洞

SourceCodester Online Mens Salon Management is an open-source online men’s salon management system developed by SourceCodester. Version 1.0 of SourceCodester Online Mens Salon Management contains a security vulnerability, which stems from SQL injection in the /classes/Master.php?f=deleteservice...

2.7CVSS5.8AI score0.0022EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.12 views

PT-2026-22753

Sourcecodester Simple Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /classes/Master.php?f=delete service...

6AI score0.0022EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/02/20 12:0 a.m.14 views

PT-2026-21246

Name of the Vulnerable Software and Affected Versions SourceCodester Simple Responsive Tourism Website version 1.0 Description A flaw exists in SourceCodester Simple Responsive Tourism Website that allows for SQL injection. This issue is related to the manipulation of the Username argument within...

9.8CVSS7.1AI score0.00326EPSS
Exploits2References8
CVE
CVE
added 2026/02/08 3:32 p.m.21 views

CVE-2026-2160

The CVE-2026-2160 entry affects SourceCodester Simple Responsive Tourism Website 1.0. Affected component: /tourism/classes/Master.php?f=save_package. The vulnerability arises from manipulating the Title parameter, enabling cross-site scripting. Exploitation can be performed remotely and public ex...

6.1CVSS3.7AI score0.00262EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/08 3:32 p.m.5 views

CVE-2026-2159 SourceCodester Simple Responsive Tourism Website Registration Master.php cross site scripting

A flaw has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected is an unknown function of the file /tourism/classes/Master.php?f=register of the component Registration. Executing a manipulation of the argument firstname/lastname/username can lead to cross site scripting. I...

5.3CVSS3.7AI score0.00352EPSS
Exploits1References5
RedhatCVE
RedhatCVE
added 2026/01/09 10:53 a.m.9 views

CVE-2022-33058

Online Railway Reservation System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=deletemessage...

7.2CVSS8.3AI score0.00888EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:48 a.m.9 views

CVE-2022-31973

Online Fire Reporting System v1.0 is vulnerable to Delete any file via /ofrs/classes/Master.php?f=deleteimg...

6.5CVSS6.9AI score0.00928EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:47 a.m.8 views

CVE-2022-31906

Online Fire Reporting System v1.0 is vulnerable to Cross Site Scripting XSS via /ofrs/classes/Master.php...

4.8CVSS6AI score0.00477EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:47 a.m.11 views

CVE-2022-31912

Online Tutor Portal Site v1.0 is vulnerable to SQL Injection via /otps/classes/Master.php?f=deleteteam...

7.2CVSS8.1AI score0.00909EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:47 a.m.10 views

CVE-2022-31354

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=getvehicleservice...

9.8CVSS8.1AI score0.01081EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:46 a.m.8 views

CVE-2022-31945

Rescue Dispatch Management System v1.0 is vulnerable to Delete any file via /rdms/classes/Master.php?f=deleteimg...

9.1CVSS6.9AI score0.01056EPSS
Exploits1References1
Rows per page
Query Builder