CVE-2026-6007

A vulnerability was found in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /del.php. The manipulation of the argument equipname results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...

CVE-2026-6007 itsourcecode Construction Management System del.php sql injection

A vulnerability was found in itsourcecode Construction Management System 1.0. This affects an unknown function of the file /del.php. The manipulation of the argument equipname results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used...

CVE-2026-6006 code-projects Patient Record Management System edit_hpatient.php sql injection

A vulnerability has been found in code-projects Patient Record Management System 1.0. The impacted element is an unknown function of the file /edithpatient.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the...

CVE-2026-6006

The vulnerability affects code-projects Patient Record Management System 1.0, specifically the /edit_hpatient.php function where manipulating the ID parameter leads to a SQL injection. The issue is exploitable remotely and is described as a proof-of-concept in the provided details. No explicit re...

CVE-2026-6005

CVE-2026-6005 affects code-projects Patient Record Management System 1.0; the vulnerable component is hematology_print.php, where manipulating the hem_id parameter enables SQL injection. Exploitation is possible remotely and an exploit has been published. The provided documents do not include any...

CVE-2026-6005

A flaw has been found in code-projects Patient Record Management System 1.0. The affected element is an unknown function of the file /hematologyprint.php. Executing a manipulation of the argument hemid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been...

CVE-2026-6004 code-projects Simple IT Discussion Forum delete-category.php sql injection

A vulnerability was detected in code-projects Simple IT Discussion Forum 1.0. Impacted is an unknown function of the file /delete-category.php. Performing a manipulation of the argument catid results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and m...

CVE-2026-6004

The vulnerability affects code-projects Simple IT Discussion Forum 1.0, specifically the /delete-category.php handler where manipulating the cat_id parameter triggers a SQL injection. The issue stems from unsafely handling input in that function, enabling a remote attacker to interact with the da...

PT-2026-31889

Name of the Vulnerable Software and Affected Versions code-projects Simple IT Discussion Forum version 1.0 Description A flaw exists in code-projects Simple IT Discussion Forum version 1.0 that allows for SQL injection via manipulation of the Category argument in the /add-category-function.php...

PT-2026-31895

Name of the Vulnerable Software and Affected Versions CodeAstro Online Classroom version 1.0 Description A SQL injection issue exists due to manipulation of the fname argument in the file '/updatedetailsfromstudent.php?eno=146891650'. This can be exploited remotely. The exploit has been publicly...

Code-Projects Patient Record Management System SQL注入漏洞

The Code-Projects Patient Record Management System is an open-source medical record management system developed by Code-Projects. Version 1.0 of the Code-Projects Patient Record Management System contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the hemi...

PT-2026-31901

Name of the Vulnerable Software and Affected Versions Vehicle Showroom Management System version 1.0 Description A flaw exists in Vehicle Showroom Management System 1.0 where manipulation of the VEHICLE ID argument within an unknown function in the /util/VehicleDetailsFunction.php file leads to S...

CVE-2026-36235

A SQL injection vulnerability was found in the scheduleSubList.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'subjcode' parameter is directly embedded into the SQL query via string interpolation without any sanitization or validation...

CVE-2026-36233

A SQL injection vulnerability was found in the assignInstructorSubjects.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that attackers can inject malicious code via the parameter "subjcode" and use it directly in SQL queries without the need for...

CVE-2026-36236

SourceCodester Engineers Online Portal v1.0 is vulnerable to SQL Injection in updatepassword.php via the newpassword parameter...

CVE-2026-36232

A SQL injection vulnerability was found in the instructorClasses.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'classId' parameter from $GET'classId' is directly concatenated into the SQL query without any sanitization or validation...

CVE-2026-29861

PHP-MYSQL-User-Login-System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter at login.php...

CVE-2026-36235

A SQL injection vulnerability was found in the scheduleSubList.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'subjcode' parameter is directly embedded into the SQL query via string interpolation without any sanitization or validation...

CVE-2026-36234

itsourcecode Online Student Enrollment System v1.0 is vulnerable to SQL Injection in newCourse.php via the 'coursename' parameter...

itsourcecode Online Student Enrollment System 安全漏洞

itsourcecode Online Student Enrollment System is an open-source online enrollment system developed by itsourcecode. Version 1.0 of the itsourcecode Online Student Enrollment System contains a security vulnerability. This vulnerability stems from the uncleaned or unvalidated coursename parameter i...