16049 matches found
CVE-2025-63711
A Cross-Site Request Forgery CSRF vulnerability in the SourceCodester Client Database Management System 1.0 allows an attacker to cause an authenticated administrative user to perform user deletion actions without their consent. The application's user deletion endpoint e.g.,...
SourceCodester Farm Management System SQL注入漏洞
SourceCodester Farm Management System is a SourceCodester open source farm management system. A SQL injection vulnerability exists in SourceCodester Farm Management System version 1.0, which stems from an incorrect manipulation of the parameter pid in the file /review.php, which could lead to a S...
CVE-2025-63711
A Cross-Site Request Forgery CSRF vulnerability in the SourceCodester Client Database Management System 1.0 allows an attacker to cause an authenticated administrative user to perform user deletion actions without their consent. The application's user deletion endpoint e.g.,...
PT-2025-46161
Name of the Vulnerable Software and Affected Versions SourceCodester Simple Public Chat Room version 1.0 Description The application lacks CSRF-protection mechanisms like tokens, nonces, or same-site cookie restrictions. An attacker can create a malicious HTML page that, when visited by an...
SourceCodester Food Ordering System SQL注入漏洞
SourceCodester Food Ordering System is a SourceCodester open source food ordering system. A SQL injection vulnerability exists in SourceCodester Food Ordering System version 1.0, which stems from incorrect manipulation of the parameter msgid in the file /admin.php?id=inbox, which can lead to SQL...
PT-2025-45596
Name of the Vulnerable Software and Affected Versions SourceCodester Survey Application System version 1.0 Description A flaw exists in the SourceCodester Survey Application System that allows for SQL injection. This occurs through manipulation of the fullname argument within the save user/update...
PT-2025-45602
A vulnerability was determined in SourceCodester Baby Care System 1.0. Affected by this issue is some unknown functionality of the file /admin.php?id=inbox. This manipulation of the argument msgid causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed...
SourceCodester Simple To-Do List System 安全漏洞
SourceCodester Simple To-Do List System is a simple to-do list system from SourceCodester open source. A security vulnerability exists in SourceCodester Simple To-Do List System version 1.0, which stems from Add Tasks text input that is not properly cleaned up or encoded for output, which could...
PT-2025-45603
A vulnerability was identified in SourceCodester Baby Care System 1.0. This affects an unknown part of the file /updatewelcome.php?id=siteoptions=welcome. Such manipulation of the argument roleid leads to sql injection. The attack can be launched remotely. The exploit is publicly available and...
CVE-2025-63711
CVE-2025-63711 is a CSRF vulnerability affecting SourceCodester Client Database Management System 1.0. The issue: the user deletion endpoint (e.g., superadmin_user_delete.php) accepts POST with user_id and lacks request origin checks, anti-CSRF tokens, and proper authentication/authorization. An ...
SourceCodester Product Expiry Management System 安全漏洞
SourceCodester Product Expiry Management System is an open source product expiration management system from SourceCodester. A security vulnerability exists in SourceCodester Product Expiry Management System, which stems from the user management module delete-user.php relying on session cookies an...
SourceCodester Client Database Management System 安全漏洞
SourceCodester Client Database Management System is an open source client database management system from SourceCodester. A security vulnerability exists in the SourceCodester Client Database Management System version 1.0, which stems from a lack of authentication and authorization checks and...
SourceCodester Interview Management System SQL注入漏洞
SourceCodester Interview Management System is a SourceCodester open source interview management system . SourceCodester Interview Management System 1.0 and earlier versions have a SQL injection vulnerability that stems from incorrect manipulation of the parameter candName in the file...
SourceCodester Baby Care System SQL注入漏洞
SourceCodester Baby Care System is a SourceCodester open source application. It provides a baby care system. A SQL injection vulnerability exists in SourceCodester Baby Care System version 1.0, which stems from incorrect manipulation of the parameter roleid in the file /updatewelcome.php, which...
CVE-2025-63709
A Cross-Site Scripting XSS vulnerability exists in SourceCodester Simple To-Do List System 1.0 in the "Add Tasks" text input. An authenticated user can submit HTML/JavaScript that is not correctly sanitized or encoded on output. The injected script is stored and later rendered in the browser of a...
PT-2025-46163
Name of the Vulnerable Software and Affected Versions SourceCodester Product Expiry Management System affected versions not specified Description The software contains a Cross-Site Request Forgery CSRF issue within the User Management module. Specifically, the delete-user.php endpoint is...
SourceCodester Food Ordering System SQL注入漏洞
SourceCodester Food Ordering System is a SourceCodester open source food ordering system. A SQL injection vulnerability exists in SourceCodester Food Ordering System version 1.0, which stems from incorrect manipulation of the parameter ID in the file /routers/edit-orders.php, which could lead to ...
CVE-2025-63709
A Cross-Site Scripting XSS vulnerability exists in SourceCodester Simple To-Do List System 1.0 in the "Add Tasks" text input. An authenticated user can submit HTML/JavaScript that is not correctly sanitized or encoded on output. The injected script is stored and later rendered in the browser of a...
SourceCodester Food Ordering System 安全漏洞
SourceCodester Food Ordering System is an open source food ordering system from SourceCodester. A security vulnerability exists in SourceCodester Food Ordering System version 1.0, which stems from an incorrect manipulation of the parameter ID in the file /view-ticket.php, which could lead to a SQ...
PT-2025-45590
A weakness has been identified in SourceCodester Farm Management System 1.0. The affected element is an unknown function of the file /review.php. This manipulation of the argument pid causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the...