CVE-2026-3806 SourceCodester/janobe Resort Reservation System room_rates.php sql injection

A weakness has been identified in SourceCodester/janobe Resort Reservation System 1.0. This issue affects some unknown processing of the file /roomrates.php. This manipulation of the argument q causes sql injection. The attack can be initiated remotely. The exploit has been made available to the...

CVE-2026-3791 SourceCodester Sales and Inventory System Search dashboard.php sql injection

A vulnerability has been found in SourceCodester Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file dashboard.php of the component Search. The manipulation of the argument searchtxt leads to sql injection. The attack is possible to be carried out...

CVE-2026-3754

A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown function of the file /addstock.php. Performing a manipulation of the argument cost results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used...

CVE-2026-3752

A flaw has been found in SourceCodester Employee Task Management System up to 1.0. The affected element is an unknown function of the file /daily-task-report.php of the component GET Parameter Handler. This manipulation of the argument Date causes sql injection. It is possible to initiate the...

CVE-2026-3702

A vulnerability was detected in SourceCodester Loan Management System 1.0. Affected by this issue is some unknown functionality of the file /index.php. Performing a manipulation of the argument page results in cross site scripting. The attack is possible to be carried out remotely. The exploit is...

CVE-2026-3695

A vulnerability has been found in SourceCodester Modern Image Gallery App 1.0. Impacted is an unknown function of the file /delete.php. Such manipulation of the argument filename leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public an...

SourceCodester Patients Waiting Area Queue Management System 授权问题漏洞

The SourceCodester Patients Waiting Area Queue Management System is an open-source system developed by SourceCodester for managing patient waiting queues. Version 1.0 of the SourceCodester Patients Waiting Area Queue Management System contains a vulnerability related to authorization issues. This...

SourceCodester Sales and Inventory System SQL注入漏洞

The SourceCodester Sales and Inventory System is an open-source sales and inventory management system developed by SourceCodester. Versions of the SourceCodester Sales and Inventory System prior to version 1.0 contained a SQL injection vulnerability. This vulnerability stemmed from incorrect...

PT-2026-23895

Name of the Vulnerable Software and Affected Versions SourceCodester Modern Image Gallery App version 1.0 Description A path traversal issue exists in SourceCodester Modern Image Gallery App version 1.0. The issue is located in the /delete.php file, specifically affecting an unknown function...

PT-2026-23973

Name of the Vulnerable Software and Affected Versions SourceCodester Client Database Management System versions 1.0 through 3.1 Description A flaw exists in the Endpoint component of the software, specifically within the /superadmin delete manager.php file. Improper authorization can be triggered...

EUVD-2026-9134

A weakness has been identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part. This manipulation causes session expiration. Remote exploitation of the attack is possible. The complexity of an attack is rather high. It is indicated that the...

CVE-2026-26704

CVE-2026-26704 affects sourcecodester’s Pharmacy Point of Sale System v1.0. The linked Red Hat/NVD/other sources confirm a SQL Injection vulnerability in the /pharmacy/view_category.php endpoint (also referred to as /pharmacy/view category.php in some docs). Root cause: inadequate input sanitizat...

EUVD-2026-9193

sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/advancesearch.php...

CVE-2026-3171

CVE-2026-3171 affects SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected is an unknown functionality in the file /queue.php where manipulation of the firstname/lastname argument enables cross-site scripting. The flaw can be exploited remotely; the exploit has...

CVE-2026-3148

A vulnerability was determined in SourceCodester Simple and Nice Shopping Cart Script 1.0. This impacts an unknown function of the file /signup.php. This manipulation of the argument Username causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and m...

CVE-2026-2983 SourceCodester Student Result Management System Bulk Import import_users.php access control

A vulnerability was determined in SourceCodester Student Result Management System 1.0. The impacted element is an unknown function of the file /admin/core/importusers.php of the component Bulk Import. This manipulation of the argument File causes improper access controls. Remote exploitation of t...

CVE-2026-2938 SourceCodester Student Result Management System update_smtp.php access control

A vulnerability has been found in SourceCodester Student Result Management System 1.0. The affected element is an unknown function of the file /srms/script/admin/core/updatesmtp.php. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit ha...

CVE-2025-70141

SourceCodester Customer Support System 1.0 contains an incorrect access control vulnerability in ajax.php. The AJAX dispatcher does not enforce authentication or authorization before invoking administrative methods in adminclass.php based on the action parameter. An unauthenticated remote attacke...

CVE-2026-2150

A flaw has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this issue is some unknown functionality of the file /checkin.php. This manipulation of the argument patientid causes cross site scripting. The attack can be initiated remotely. Th...

CVE-2026-2150

A flaw has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this issue is some unknown functionality of the file /checkin.php. This manipulation of the argument patientid causes cross site scripting. The attack can be initiated remotely. Th...