7898 matches found
CVE-2022-2750 SourceCodester Company Website CMS Add Service add-service.php unrestricted upload
A vulnerability, which was classified as critical, was found in SourceCodester Company Website CMS. Affected is an unknown function of the file /dashboard/add-service.php of the component Add Service Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack...
CVE-2022-2749
CVE-2022-2749 affects SourceCodester Gym Management System. Affected component: /mygym/admin/index.php?view_exercises. Root cause: manipulation leads to unrestricted file upload. Impact: allows remote attacker to upload arbitrary files; described as critical with HIGH base score in NVD metrics. E...
CVE-2022-2748 SourceCodester Simple Online Book Store System edit.php cross site scripting
A vulnerability was found in SourceCodester Simple Online Book Store System. It has been classified as problematic. Affected is an unknown function of the file /admin/edit.php. The manipulation of the argument eid leads to cross-site scripting. It is possible to launch the attack remotely. The...
CVE-2022-2748
The CVE-2022-2748 entry concerns SourceCodester Simple Online Book Store System. Affected is an unknown function in /admin/edit.php where manipulation of the eid parameter leads to cross-site scripting. The vulnerability can be triggered remotely. The available records describe the issue and its ...
CVE-2022-2747
CVE-2022-2747 affects SourceCodester Simple Online Book Store. The vulnerability resides in book.php where the book_isbn parameter is manipulated, enabling SQL injection. Attacks can be carried out remotely without authentication, with potential high impact on confidentiality, integrity, and avai...
CVE-2022-2747 SourceCodester Simple Online Book Store book.php sql injection
A vulnerability was found in SourceCodester Simple Online Book Store and classified as critical. This issue affects some unknown processing of the file book.php. The manipulation of the argument bookisbn leads to SQL injection. The attack may be initiated remotely. The associated identifier of th...
CVE-2022-2746
CVE-2025-66802 affects Sourcecodester Covid-19 Contact Tracing System 1.0. The connected documents describe an RCE (Remote Code Execution) vulnerability that allows a reverse shell (PHP) into the user’s image, enabling RCE. There is no publicly documented fix/version in these sources; PT-2026-229...
CVE-2022-2746 SourceCodester Simple Online Book Store System Admin_ add.php unrestricted upload
A vulnerability has been found in SourceCodester Simple Online Book Store System and classified as critical. This vulnerability affects unknown code of the file Admin add.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. VDB-206014 is the identifier assigne...
CVE-2022-2745
CVE-2022-2745 affects SourceCodester Gym Management System, specifically the Add New Trainer component (/admin/add_trainers.php). The vulnerability arises from manipulating the trainer_name parameter, enabling SQL injection. It is described as remotely exploitable and classified as critical. Conn...
CVE-2022-2744
CVE-2022-2744 affects SourceCodester Gym Management System. It affects functionality in the Background Management module, specifically the file /admin/add_exercises.php, where manipulating the exer_img (or exer img) parameter enables unrestricted file upload. Evidence across multiple sources confirm...
CVE-2022-2740
SourceCodester Company Website CMS (Add Blog) contains a vulnerability in /dashboard/add-blog.php where the ufile parameter can be manipulated to achieve unrestricted upload. This is described as a remote, high-severity issue with potential for full impact on confidentiality, integrity, and avail...
CVE-2022-2740 SourceCodester Company Website CMS Add Blog add-blog.php unrestricted upload
A vulnerability was found in SourceCodester Company Website CMS. It has been declared as critical. This vulnerability affects unknown code of the file /dashboard/add-blog.php of the component Add Blog. The manipulation of the argument ufile leads to unrestricted upload. The attack can be initiate...
CVE-2022-2736 SourceCodester Company Website CMS Background Upload Logo Icon updatelogo.php unrestricted upload
A vulnerability was found in SourceCodester Company Website CMS. It has been classified as critical. This affects an unknown part of the file /dashboard/updatelogo.php of the component Background Upload Logo Icon. The manipulation of the argument xfile/ufile leads to unrestricted upload. It is...
CVE-2022-2736
CVE-2022-2736 affects SourceCodester Company Website CMS, specifically the /dashboard/updatelogo.php file in the Background Upload Logo Icon component. The root cause is manipulation of the xfile/ufile argument, leading to unrestricted upload. The vulnerability can be triggered remotely, with doc...
PT-2022-18546 · Sourcecodester · Sourcecodester Company Website Cms
Name of the Vulnerable Software and Affected Versions: SourceCodester Company Website CMS version 1.0
Description: A critical issue has been found, affecting an unknown functionality of the file /dashboard/settings, leading to improper authentication. The attack can be launched remotely...
PT-2022-18568 · Sourcecodester · Sourcecodester Simple Online Book Store System
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Online Book Store System, affected versions not specified
Description: A critical issue was found in the system, affecting an unknown function of the file /obs/book.php. The manipulation of the bookisbn argument leads to...
PT-2022-18432 · Unknown · Sourcecodester Simple Online Book Store System
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Online Book Store System, affected versions not specified
Description: A critical issue has been discovered, affecting the file Admin add.php, which allows for unrestricted upload. This can be initiated remotely...
CVE-2022-2727
A vulnerability was found in SourceCodester Gym Management System. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /mygym/admin/login.php. The manipulation of the argument adminemail/adminpass leads to SQL injection. The attack can be...
CVE-2022-2728
SourceCodester Gym Management System contains a SQL injection vulnerability in /mygym/admin/index.php caused by the edit_tran argument. The issue is exploitable remotely and has been publicly disclosed. Affected versions are not specified in the provided documents. Several connected records reite...
CVE-2022-2727
The CVE-2022-2727 entry corresponds to a SQL injection in SourceCodester Gym Management System’s /mygym/admin/login.php. The vulnerability arises from manipulating the admin_email/admin_pass parameters in an unknown functionality, allowing remote exploitation and public disclosure of the exploit....