295 matches found
CVE-2026-26884
Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/admin/appointments/viewappointment.php...
CVE-2026-26883
Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/classes/Master.php?f=deleteappointment...
CVE-2026-26885
Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /classes/Master.php?f=deleteservice...
CVE-2026-26883
Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/classes/Master.php?f=deleteappointment...
CVE-2026-26883
Sourcecodester Online Men's Salon Management System v1.0 is vulnerable to SQL Injection in /msms/classes/Master.php?f=deleteappointment...
CVE-2026-26699
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to arbitrary code execution in ip/ppes/admin/adminchangepicture.php...
CVE-2026-26703
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/advancesearch.php...
CVE-2026-26701
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/edittecnicaluser.php...
CVE-2026-26700
sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/editemployee.php...
CVE-2026-3170
A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected is an unknown function of the file /patient-search.php. The manipulation of the argument First Name/Last Name results in cross site scripting. The attack can be executed...
CVE-2026-3170
CVE-2026-3170 affects SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0; vulnerability located in an unknown function of /patient-search.php. Manipulation of First Name/Last Name can trigger cross-site scripting, with remote attack capability and a public exploit refe...
CVE-2026-2938
The CVE-2026-2938 entry relates to SourceCodester Student Result Management System 1.0, affecting the file /srms/script/admin/core/update_smtp.php. The root cause is an unspecified function allowing improper access controls, enabling remote initiation of an attack. Public exploit disclosure is no...
CVE-2023-4182
A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. This affects an unknown part of the file editsell.php. The manipulation of the argument uppid leads to sql injection. It is possible to initiate the attack remotely. The identifier...
PT-2025-49586
Name of the Vulnerable Software and Affected Versions SourceCodester Patients Waiting Area Queue Management System version 1 Description A SQL injection issue exists in the /php/api patient schedule.php component. Attackers can execute arbitrary SQL commands by manipulating the appointmentID...
CVE-2025-64081
SQL injection vulnerability in /php/apipatientschedule.php in SourceCodester Patients Waiting Area Queue Management System v1 allows attackers to execute arbitrary SQL commands via the appointmentID parameter...
CVE-2025-13345
A security vulnerability has been detected in SourceCodester Train Station Ticketing System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=saveticket. Such manipulation leads to sql injection. The attack can be launched remotely. The exploit has been...
CVE-2025-63711
A Cross-Site Request Forgery CSRF vulnerability in the SourceCodester Client Database Management System 1.0 allows an attacker to cause an authenticated administrative user to perform user deletion actions without their consent. The application's user deletion endpoint e.g.,...
CVE-2025-12853
The CVE-2025-12853 issue affects SourceCodester Best House Rental Management System version 1.0, specifically the delete_house function in /admin_class.php. A manipulation of the ID parameter enables SQL injection, with remote exploitability and publicly disclosed exploits. Multiple feeds corrobo...
CVE-2025-12614 SourceCodester Best House Rental Management System admin_class.php delete_payment sql injection
A weakness has been identified in SourceCodester Best House Rental Management System 1.0. Impacted is the function deletepayment of the file /adminclass.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been made...
CVE-2025-12598 SourceCodester Best House Rental Management System admin_class.php save_tenant sql injection
A flaw has been found in SourceCodester Best House Rental Management System 1.0. Affected by this issue is the function savetenant of the file /adminclass.php. Executing manipulation of the argument firstname can lead to sql injection. The attack can be launched remotely. The exploit has been...