SourceCodester Simple To-Do List System 代码注入漏洞

SourceCodester Simple To-Do List System is SourceCodester open source a simple to-do list system . A code injection vulnerability exists in SourceCodester Simple To-Do List System version 1.0, which originates from a cross-site scripting attack due to incorrect manipulation of the file...

PT-2025-36539

Name of the Vulnerable Software and Affected Versions: SourceCodester Simple To-Do List System version 1.0 Description: A weakness exists in SourceCodester Simple To-Do List System that allows for cross site scripting. The issue is located in the /fetch tasks.php file, within the Add New Task...

CVE-2025-10100

A vulnerability was detected in SourceCodester Simple Forum Discussion System 1.0. This impacts an unknown function of the file /adminclass.php?action=login. Performing manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. The exploit is n...

CVE-2025-10100

A vulnerability was detected in SourceCodester Simple Forum Discussion System 1.0. This impacts an unknown function of the file /adminclass.php?action=login. Performing manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. The exploit is n...

CVE-2025-10100

CVE-2025-10100 affects SourceCodester Simple Forum Discussion System 1.0. The vulnerability is in the function handling the login endpoint, specifically the file path /admin_class.php?action=login, where manipulation of the Username parameter enables SQL injection. It is described as remotely exp...

CVE-2025-10100 SourceCodester Simple Forum Discussion System admin_class.php sql injection

A vulnerability was detected in SourceCodester Simple Forum Discussion System 1.0. This impacts an unknown function of the file /adminclass.php?action=login. Performing manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. The exploit is n...

CVE-2025-10100 SourceCodester Simple Forum Discussion System admin_class.php sql injection

A vulnerability was detected in SourceCodester Simple Forum Discussion System 1.0. This impacts an unknown function of the file /adminclass.php?action=login. Performing manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. The exploit is n...

CVE-2025-10088

A vulnerability was detected in SourceCodester Time Tracker 1.0. The affected element is an unknown function of the file /index.html. Performing manipulation of the argument project-name results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be us...

CVE-2025-10087

A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/profitreport.php. Such manipulation of the argument productid leads to sql injection. The attack can be launched remotely. The exploit has been...

CVE-2025-10088 SourceCodester Time Tracker index.html cross site scripting

A vulnerability was detected in SourceCodester Time Tracker 1.0. The affected element is an unknown function of the file /index.html. Performing manipulation of the argument project-name results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be us...

CVE-2025-10088 SourceCodester Time Tracker index.html cross site scripting

A vulnerability was detected in SourceCodester Time Tracker 1.0. The affected element is an unknown function of the file /index.html. Performing manipulation of the argument project-name results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be us...

CVE-2025-10087 SourceCodester Pet Grooming Management Software profit_report.php sql injection

A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/profitreport.php. Such manipulation of the argument productid leads to sql injection. The attack can be launched remotely. The exploit has been...

CVE-2025-10087

SourceCodester Pet Grooming Management Software 1.0 is affected by a SQL injection in /admin/profit_report.php via the product_id parameter. The vulnerability is exploitable remotely and can be triggered without user interaction, with the exploit publicly disclosed. Root cause: improper handling ...

CVE-2025-10085

A security flaw has been discovered in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file managewebsite.php. The manipulation results in unrestricted upload. It is possible to launch the attack remotely. The exploit has been released to the...

CVE-2025-10085

A security flaw has been discovered in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file managewebsite.php. The manipulation results in unrestricted upload. It is possible to launch the attack remotely. The exploit has been released to the...

CVE-2025-10085

CVE-2025-10085 affects SourceCodester Pet Grooming Management Software 1.0. A vulnerability in the file manage_website.php allows unrestricted file upload due to manipulation of unknown code, enabling a remotely exploitable attack. Multiple sources note that the exploit is publicly available and ...

CVE-2025-10083

A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/profile.php. Executing manipulation can lead to unrestricted upload. The attack may be performed from remote. The exploit has been publicl...

CVE-2025-10083

A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/profile.php. Executing manipulation can lead to unrestricted upload. The attack may be performed from remote. The exploit has been publicl...

CVE-2025-10083 SourceCodester Pet Grooming Management Software profile.php unrestricted upload

A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/profile.php. Executing manipulation can lead to unrestricted upload. The attack may be performed from remote. The exploit has been publicl...

CVE-2025-10083

SourceCodester Pet Grooming Management Software 1.0 contains an unrestricted file upload vulnerability in the /admin/profile.php endpoint. Exploitation is possible remotely and can lead to arbitrary file upload, with potential impact on confidentiality, integrity, and availability as indicated by...