
16072 matches found

RedhatCVE
added 2025/05/22 5:1 p.m. | 4 views

CVE-2020-28138

SourceCodester Online Clothing Store 1.0 is affected by a SQL Injection via the txtUserName parameter to login.php...

CVSS 9.8 | AI score 8 | EPSS 0.01957
Exploits: 1
RedhatCVE
added 2025/05/22 4:31 p.m. | 10 views

CVE-2020-23835

A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Tailor Management System v1.0 allows remote attackers to harvest keys pressed by an unauthenticated victim who clicks on a malicious URL and begins typing...

CVSS 6.4 | AI score 6 | EPSS 0.02289
Exploits: 3
RedhatCVE
added 2025/05/22 4:31 p.m. | 3 views

CVE-2020-23828

A File Upload vulnerability in SourceCodester Online Course Registration v1.0 allows remote attackers to achieve Remote Code Execution (RCE) on the hosting webserver by uploading a crafted PHP web-shell that bypasses the image upload filters. An attack uses...

CVSS 9.8 | AI score 7.8 | EPSS 0.04105
Exploits: 1
RedhatCVE
added 2025/05/22 4:29 p.m. | 4 views

CVE-2020-21012

Sourcecodester Hotel and Lodge Management System 2.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the email parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details...

CVSS 9.8 | AI score 9 | EPSS 0.03446
Exploits: 1
RedhatCVE
added 2025/05/22 4:12 p.m. | 6 views

CVE-2020-25272

In SourceCodester Online Bus Booking System 1.0, there is XSS through the name parameter in booknow.php...

CVSS 6.1 | AI score 6 | EPSS 0.00856
Exploits: 1
RedhatCVE
added 2025/05/22 3:58 p.m. | 5 views

CVE-2020-25955

SourceCodester Student Management System Project in PHP version 1.0 is vulnerable to a stored cross-site scripting (XSS) via the 'add subject' tab...

CVSS 5.4 | AI score 5.7 | EPSS 0.00929
Exploits: 2
RedhatCVE
added 2025/05/22 3:31 p.m. | 7 views

CVE-2020-36033

SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the id parameter to edituser.php...

CVSS 9.8 | AI score 7.9 | EPSS 0.01133
Exploits: 1
RedhatCVE
added 2025/05/22 3:28 p.m. | 6 views

CVE-2020-28071

SourceCodester Alumni Management System 1.0 is affected by cross-site scripting (XSS) in /admin/gallery.php. After admin authentication, an attacker can upload an image in the gallery using an XSS payload in the description textarea called 'about' and reach a stored XSS...

CVSS 4.8 | AI score 5.4 | EPSS 0.00642
Exploits: 2
RedhatCVE
added 2025/05/22 3:28 p.m. | 9 views

CVE-2020-28072

A Remote Code Execution vulnerability exists in SourceCodester Alumni Management System 1.0. An authenticated attacker can upload an arbitrary file via the gallery.php page and execute it on the server, achieving RCE...

CVSS 7.2 | AI score 7.5 | EPSS 0.0257
Exploits: 2
RedhatCVE
added 2025/05/22 3:26 p.m. | 5 views

CVE-2020-23831

A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Stock Management System v1.0 allows remote attackers to harvest login credentials and session cookies when an unauthenticated victim clicks on a malicious URL and enters credentials...

CVSS 6.4 | AI score 6.2 | EPSS 0.00842
Exploits: 1
RedhatCVE
added 2025/05/22 3:26 p.m. | 5 views

CVE-2020-28183

SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the username and password parameters to process.php...

CVSS 10 | AI score 8.1 | EPSS 0.02525
Exploits: 1
RedhatCVE
added 2025/05/22 3:26 p.m. | 5 views

CVE-2020-28130

An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos under the web root...

CVSS 10 | AI score 7.8 | EPSS 0.06263
Exploits: 1
RedhatCVE
added 2025/05/22 3:26 p.m. | 9 views

CVE-2020-28129

Stored cross-site scripting (XSS) vulnerability in SourceCodester Gym Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php?page=packages via vulnerable fields 'Package Name' and 'Description'...

CVSS 6.1 | AI score 5.8 | EPSS 0.00947
Exploits: 1
RedhatCVE
added 2025/05/22 3:26 p.m. | 8 views

CVE-2020-28073

SourceCodester Library Management System 1.0 is affected by SQL Injection allowing an attacker to bypass the user authentication and impersonate any user on the system...

CVSS 9.8 | AI score 8.3 | EPSS 0.02773
Exploits: 2
RedhatCVE
added 2025/05/22 3:23 p.m. | 8 views

CVE-2020-25905

An SQL Injection vulnerability exists in Sourcecodester Mobile Shop System in PHP MySQL 1.0 via the email parameter in (1) login.php or (2) LoginAsAdmin.php...

CVSS 9.8 | AI score 8.2 | EPSS 0.01666
Exploits: 1
RedhatCVE
added 2025/05/22 3:21 p.m. | 5 views

CVE-2020-24932

An SQL Injection vulnerability exists in Sourcecodester Complaint Management System 1.0 via the cid parameter in complaint-details.php...

CVSS 9.8 | AI score 8.2 | EPSS 0.01591
Exploits: 1
RedhatCVE
added 2025/05/22 3:21 p.m. | 3 views

CVE-2020-24208

A SQL injection vulnerability in SourceCodester Online Shopping Alphaware 1.0 allows remote unauthenticated attackers to bypass the authentication process via email and password parameters...

CVSS 9.8 | AI score 8.6 | EPSS 0.03312
Exploits: 0
RedhatCVE
added 2025/05/22 3:14 p.m. | 5 views

CVE-2020-14972

Multiple SQL injection vulnerabilities in Sourcecodester Pisay Online E-Learning System 1.0 allow remote unauthenticated attackers to bypass authentication and achieve Remote Code Execution (RCE) via the useremail, userpass, and id parameters on the admin login-portal and the edit-lessons webpages...

CVSS 9.8 | AI score 9.3 | EPSS 0.05392
Exploits: 1
RedhatCVE
added 2025/05/22 8:35 a.m. | 6 views

CVE-2019-18416

Sourcecodester Restaurant Management System 1.0 allows XSS via the Last Name field of a member...

CVSS 6.1 | AI score 5.9 | EPSS 0.00668
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/22 8:33 a.m. | 5 views

CVE-2019-18415

Sourcecodester Restaurant Management System 1.0 allows XSS via the "send a message" screen...

CVSS 6.1 | AI score 5.9 | EPSS 0.00668
Exploits: 1 | References: 1