7831 matches found
CVE-2019-18415
Sourcecodester Restaurant Management System 1.0 allows XSS via the "send a message" screen...
CVE-2019-18415
The CVE-2019-18415 entry affects Sourcecodester Restaurant Management System 1.0. It is described as a cross-site scripting (XSS) vulnerability exploitable via the "send a message" screen. Several sources attribute the issue to insufficient validation of client-side data, leading to execution of ...
CVE-2019-18417
CVE-2019-18417 affects Sourcecodester Restaurant Management System 1.0. An authenticated attacker can upload arbitrary files (e.g., PHP) due to inadequate input sanitization, enabling code execution. Multiple sources (NVD entry and Red Hat advisory) confirm the issue, with impact described as hig...
CVE-2019-18416
Sourcecodester Restaurant Management System 1.0 allows XSS via the Last Name field of a member...
CVE-2019-18416
CVE-2019-18416 affects Sourcecodester Restaurant Management System 1.0. The vulnerability is a cross-site scripting (XSS) flaw exploitable via the Last Name field of a member, enabling potential execution of client-side scripts. Documents consistently describe the impact as XSS but do not provide...
CVE-2019-18414
Sourcecodester Restaurant Management System 1.0 is affected by an admin/staff-exec.php Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code or adding a staff entry via a crafted HTML page...
CVE-2019-18414
CVE-2019-18414 affects Sourcecodester Restaurant Management System 1.0. The vulnerability is an admin/staff-exec.php Cross-Site Request Forgery due to missing CSRF protection, allowing an attacker to trick an administrator into performing unintended actions (e.g., executing arbitrary code or addi...
SQL injection
Sourcecodester Hotel and Lodge Management System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the id parameter to the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details...
CVE-2019-18387
CVE-2019-18387 affects Sourcecodester Hotel and Lodge Management System 1.0. The vulnerability is an unauthenticated SQL injection exploitable via the id parameter on the edit page for Customer, Room, Currency, Room Booking Details, or Tax Details. The issue enables attackers to execute arbitrary...
SQL injection
Sourcecodester Online Grading System 1.0 is vulnerable to unauthenticated SQL injection and can allow remote attackers to execute arbitrary SQL commands via the student, instructor, department, room, class, or user page id or classid parameter...
CVE-2019-18344
Sourcecodester Online Grading System 1.0 is vulnerable to unauthenticated SQL injection. The flaw allows remote attackers to execute arbitrary SQL commands via the student, instructor, department, room, class, or user pages (id or classid parameters). Affected component: Online Grading System 1.0...
CVE-2019-18280
CVE-2019-18280 affects Sourcecodester Online Grading System 1.0. The vulnerability is a CSRF weakness due to lack of CSRF protection, allowing an attacker to trick an administrator into executing actions via a crafted HTML page, as demonstrated by a Create User action at the admin/modules/user/co...
Restaurant Management System 1.0 Shell Upload
Exploit Title: Restaurant Management System 1.0 - Remote Code Execution Date: 2019-10-16 Exploit Author: Ibad Shah Vendor Homepage: https://www.sourcecodester.com/users/lewa Software Link: https://www.sourcecodester.com/php/11815/restaurant-management-system.html Version: N/A Tested on: Apache...
Mess Management System 1.0 SQL Injection
Exploit Title: Mess Management System 1.0 - SQL Injection Dork: N/A Date: 2019-01-28 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.m.testbd.xyz/ Software Link: https://www.sourcecodester.com/sites/default/files/download/biddut/ms0.zip Version: 1.0 Category: Webapps Tested on:...
Electricks eCommerce 1.0 Cross Site Request Forgery
Exploit Title: Electricks eCommerce 1.0 - Cross-Site Request Forgery Change Admin Password Date: 2018-11-12 Exploit Author: Nawaf Alkeraithe Software Link: https://www.sourcecodester.com/sites/default/files/download/billyblue/electricks.zip Version: 1.0 PoC: i?userid firstname lastname email...
Fantastic Blog CMS 1.0 - id SQL Injection
Fantastic Blog CMS 1.0 - id SQL Injection Exploit Title: Fantastic Blog CMS 1.0 - 'id' SQL Injection Dork: N/A Date: 2018-11-01 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/ronald-ronniem/ Software Link:...
Fantastic Blog CMS 1.0 - id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Fantastic Blog CMS 1.0 - 'id' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/ronald-ronniem/ Software Link:...
Fantastic Blog CMS 1.0 - 'id' SQL Injection
Exploit Title: Fantastic Blog CMS 1.0 - 'id' SQL Injection Dork: N/A Date: 2018-11-01 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/ronald-ronniem/ Software Link: https://www.sourcecodester.com/sites/default/files/download/Ronald%20Ronnie/fantasticblog0.zip...
University Application System 1.0 Cross Site Request Forgery / SQL Injection
Exploit Title: University Application System 1.0 - SQL Injection / Cross-Site Request Forgery Add Admin Dork: N/A Date: 2018-10-30 Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/pamzey Software Link:...
Bakeshop Inventory System in VB.Net and MS Access Database 1.0 - SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Bakeshop Inventory System in VB.Net and MS Access Database 1.0 - SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: https://www.sourcecodester.com/users/janobe Software Link:...