16072 matches found

RedhatCVE
added 2025/05/22 8:22 a.m. | 5 views

CVE-2019-18280

Sourcecodester Online Grading System 1.0 is affected by a Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code via a crafted HTML page, as demonstrated by a Create User action at the...

CVSS 8.8 | AI score 7.2 | EPSS 0.00485
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 7:59 a.m. | 7 views

CVE-2019-18344

Sourcecodester Online Grading System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the student, instructor, department, room, class, or user page id or classid parameter...

CVSS 9.8 | AI score 9 | EPSS 0.0136
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 7:50 a.m. | 4 views

CVE-2019-18387

Sourcecodester Hotel and Lodge Management System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the id parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details...

CVSS 9.8 | AI score 9.1 | EPSS 0.014
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/21 3:14 p.m. | 5 views

CVE-2025-4937

A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be...

CVSS 9.8 | AI score 7.4 | EPSS 0.00472
Exploits: 1

RedhatCVE
added 2025/05/21 2:17 p.m. | 7 views

CVE-2025-4935

A vulnerability was found in SourceCodester Stock Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /phpaction/changePassword.php. The manipulation of the argument userid leads to sql injection. The attack may be initiated remotely. The explo...

CVSS 9.8 | AI score 7.4 | EPSS 0.00421
Exploits: 1

RedhatCVE
added 2025/05/21 8:59 a.m. | 19 views

CVE-2025-4924

A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. Affected is an unknown function of the file /uservoidtransaction.php. The manipulation of the argument orderid leads to sql injection. It is possible to launch the attack remotely...

CVSS 9.8 | AI score 7.7 | EPSS 0.00393
Exploits: 0

RedhatCVE
added 2025/05/21 8:16 a.m. | 8 views

CVE-2025-4923

A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /userdeliveryupdate.php. The manipulation of the argument uploadedfilecancelled leads to unrestricted upload. The attac...

CVSS 7.5 | AI score 7.2 | EPSS 0.00398
Exploits: 1

RedhatCVE
added 2025/05/21 5:2 a.m. | 20 views

CVE-2025-4909

A vulnerability classified as critical was found in SourceCodester Client Database Management System 1.0. This vulnerability affects unknown code. The manipulation leads to exposure of information through directory listing. The attack can be initiated remotely. The exploit has been disclosed to t...

CVSS 7.5 | AI score 6.7 | EPSS 0.0042
Exploits: 1

RedhatCVE
added 2025/05/21 5:2 a.m. | 22 views

CVE-2025-4912

A vulnerability has been found in SourceCodester Student Result Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/core/updatestudent.php of the component Image File Handler. The manipulation of the argument oldphoto lea...

CVSS 9.1 | AI score 7 | EPSS 0.00665
Exploits: 1

RedhatCVE
added 2025/05/20 11:18 p.m. | 6 views

CVE-2025-4895

A vulnerability, which was classified as critical, has been found in SourceCodester Doctors Appointment System 1.0. This issue affects some unknown processing of the file /admin/delete-session.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. T...

CVSS 9.8 | AI score 7.4 | EPSS 0.00445
Exploits: 1

RedhatCVE
added 2025/05/20 11:18 p.m. | 7 views

CVE-2025-4898

A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as critical. This vulnerability affects the function unlink of the file updatesystem.php of the component Logo File Handler. The manipulation of the argument oldlogo leads to path traversal. The...

CVSS 5.5 | AI score 6.9 | EPSS 0.00461
Exploits: 0

RedhatCVE
added 2025/05/20 11:18 p.m. | 6 views

CVE-2025-4887

A vulnerability, which was classified as problematic, has been found in SourceCodester Online Student Clearance System 1.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclos...

CVSS 8.8 | AI score 6.8 | EPSS 0.00274
Exploits: 1

OSV
added 2025/05/20 10:15 p.m. | 3 views

CVE-2025-5002

A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_proposal_update_order.php. The manipulation of the argument order_id leads to sql injection. It is possible to initiate the attack...

CVSS 9.8 | AI score 5.7 | EPSS 0.00421
Exploits: 1 | References: 5

NVD
added 2025/05/20 10:15 p.m. | 17 views

CVE-2025-5002

A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_proposal_update_order.php. The manipulation of the argument order_id leads to sql injection. It is possible to initiate the attack...

CVSS 9.8 | EPSS 0.00421
Exploits: 1 | References: 5

CVE
added 2025/05/20 10:0 p.m. | 58 views

CVE-2025-5002

CVE-2025-5002 affects SourceCodester Client Database Management System 1.0. The vulnerability resides in /user_proposal_update_order.php, where manipulating the order_id parameter enables SQL injection. The issue is exploitable remotely and exploitation has been disclosed publicly. The public rec...

CVSS 9.8 | AI score 7.6 | EPSS 0.00421
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2025/05/20 10:0 p.m. | 22 views

CVE-2025-5002 SourceCodester Client Database Management System user_proposal_update_order.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_proposal_update_order.php. The manipulation of the argument order_id leads to sql injection. It is possible to initiate the attack...

CVSS 7.5 | EPSS 0.00421
Exploits: 1 | References: 5

Vulnrichment
added 2025/05/20 10:0 p.m. | 7 views

CVE-2025-5002 SourceCodester Client Database Management System user_proposal_update_order.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_proposal_update_order.php. The manipulation of the argument order_id leads to sql injection. It is possible to initiate the attack...

CVSS 7.5 | AI score 7.3 | EPSS 0.00421
Exploits: 1 | References: 5

Positive Technologies
added 2025/05/20 12:0 a.m. | 7 views

PT-2025-22312 · Sourcecodester · Sourcecodester Client Database Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Client Database Management System version 1.0 Description: A critical issue was found in the SourceCodester Client Database Management System. This affects an unknown part of the file /user_proposal_update_order.php. The...

CVSS 9.8 | AI score 7.5 | EPSS 0.00421
Exploits: 1 | References: 11

OSV
added 2025/05/19 3:15 p.m. | 2 views

CVE-2025-4937

A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be...

CVSS 9.8 | AI score 5.8
Exploits: 0 | References: 5

NVD
added 2025/05/19 3:15 p.m. | 10 views

CVE-2025-4937

A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack can be...

CVSS 9.8 | EPSS 0.00472
Exploits: 1 | References: 5