23 matches found
CVE-2023-42308
CVE-2023-42308 is an XSS vulnerability affecting Code-Projects Exam Form Submission version 1.0, specifically in the Manage Fastrack Subjects feature. The root cause involves untrusted input in the Subject Name and Subject Code fields, enabling cross-site script execution. Public documents from R...
CVE-2023-42307
The CVE-2023-42307 entry concerns a Cross Site Scripting (XSS) vulnerability in the Code-Projects Exam Form Submission 1.0. The issue allows an attacker to execute arbitrary code via inputs in the Subject Name and Subject Code fields. Public references in the connected documents consistently desc...
CVE-2025-8237
The CVE-2025-8237 entry describes a SQL injection in code-projects Exam Form Submission 1.0, caused by improper handling of the credits parameter in /admin/update_s1.php. This enables remote exploitation and is described as a critical issue; multiple sources corroborate the vulnerability in the s...
CVE-2025-8255
CVE-2025-8255 affects the code-projects Exam Form Submission 1.0 . The vulnerability is in the handling of the file at /register.php where manipulation of the image parameter allows unrestricted file upload. Reports state the attack can be initiated remotely and that the exploit has been publicly...
CVE-2025-8253
CVE-2025-8253 – code-projects Exam Form Submission 1.0 is affected by a vulnerability in the file /admin/delete_s6.php, where improper handling of the ID parameter enables an SQL injection. The issue is exploitable remotely and has been publicly disclosed. Multiple sources report high to critical...
CVE-2025-8251
CVE-2025-8251 affects code-projects Exam Form Submission 1.0. The vulnerability lies in the /admin/delete_s4.php function where manipulating the ID parameter leads to an SQL injection. This can be exploited remotely and the exploit has been publicly disclosed. Multiple connected sources corrobora...
CVE-2025-8252
CVE-2025-8252 concerns code-projects Exam Form Submission 1.0. Affected component is the file /admin/delete_s5.php, where manipulation of the ID parameter enables SQL injection. The issue is exploitable remotely and the exploit has been disclosed publicly. The connected documents consistently des...
CVE-2025-8269
CVE-2025-8269 affects code-projects Exam Form Submission 1.0. The vulnerability is an SQL injection in the file /admin/delete_s1.php caused by manipulation of the ID parameter. The issue can be triggered remotely and exploit details have been publicly disclosed. Documents indicate exploitation po...
CVE-2025-8273
CVE-2025-8273 affects code-projects Exam Form Submission 1.0. The vulnerability is an SQL injection in the file /admin/update_s8.php where manipulating the credits parameter enables remote exploitation. Multiple connected documents confirm the issue and note that an exploit has been publicly disc...
CVE-2025-8326
CVE-2025-8326 concerns code-projects Exam Form Submission 1.0. The vulnerability is triggered by manipulating the ID parameter in the /admin/delete_s7.php function, leading to a SQL injection. It enables remote exploitation and exploitation has been publicly disclosed. Several connected sources r...
CVE-2025-8372
The CVE-2025-8372 entry concerns code-projects Exam Form Submission 1.0. Publicly disclosed SQL injection/scenario stems from the /admin/update_s7.php file, via manipulation of the credits parameter. The root cause is lack of validation/execution safeguards for external SQL statements in credits,...
CVE-2025-8249
CVE-2025-8249 affects code-projects Exam Form Submission 1.0. The vulnerability is an SQL injection in the processing of the file /admin/update_s3.php caused by unsafely handling the credits parameter. The issue can be exploited remotely, and public disclosure is noted in several sources, with at...
CVE-2025-8271
CVE-2025-8271 affects code-projects Exam Form Submission 1.0. The vulnerability resides in unknown code within the file /admin/delete_s3.php , where manipulation of the ID argument enables SQL injection . It supports remote initiation and, per sources, the exploit has been publicly disclosed. Aff...
CVE-2025-8250
CVE-2025-8250 affects code-projects Exam Form Submission 1.0. The issue is located in an unknown function of the file /admin/update_s4.php and stems from manipulating the credits argument, which leads to an SQL injection. The exploit is capable of remote execution, and public disclosure of the ex...
CVE-2025-8272
CVE-2025-8272 affects code-projects Exam Form Submission v1.0. The vulnerability occurs in /admin/update_fst.php due to manipulation of the credits parameter, leading to SQL injection. Exploitation appears to be remote with public disclosure. Impact is described as high/critical across confidenti...
CVE-2025-8328
CVE-2025-8328 relates to code-projects’ Exam Form Submission 1.0. The vulnerability resides in /register.php where the USN parameter can be manipulated to perform SQL injection. Exploitation is possible remotely and public exploits have been disclosed. Multiple connected sources corroborate the i...
CVE-2025-8371
CVE-2025-8371 pertains to code-projects Exam Form Submission 1.0, where the vulnerability resides in an unknown function within /admin/update_s5.php. The credits parameter is susceptible to SQL injection, exploitable remotely and with exploits disclosed publicly. Multiple connected sources (CNVD,...
CVE-2025-8239
CVE-2025-8239 affects code-projects Exam Form Submission 1.0. The vulnerability is an SQL injection in the /admin/ area caused by unsafely using the email parameter, exploitable remotely and publicly disclosed. Multiple sources corroborate remote exploitation and high/severe impact across confide...
CVE-2025-8240
Summary: CVE-2025-8240 affects code-projects’ Exam Form Submission 1.0. The vulnerability is a SQL injection in the /user/dashboard.php file triggered by manipulating the phone parameter. This enables remote exploitation; multiple sources indicate a critical severity. The root cause is unsafely f...
CVE-2025-8270
CVE-2025-8270 affects code-projects Exam Form Submission 1.0. The vulnerable component is the /admin/delete_s2.php file, where manipulation of the ID parameter enables SQL injection. Exploitation is remotely possible and exploits have been publicly disclosed. Multiple sources corroborate the issu...
CVE-2025-8238
The CVE-2025-8238 issue affects code-projects Exam Form Submission 1.0, with the vulnerability in /admin/update_s2.php where manipulating the credits parameter enables SQL injection. Remote exploitation is possible, and public exploits have been disclosed. Multiple sources corroborate the flaw an...
CVE-2025-8327
CVE-2025-8327 affects code-projects Exam Form Submission 1.0. The vulnerability is a SQL injection in the parameter ID of the file /admin/delete_s8.php, enabling remote exploitation. Multiple connected sources confirm the attack vector is via ID manipulation and that exploitation has been publicl...
CVE-2026-5106
Affects code-projects Exam Form Submission 1.0 . The vulnerability lies in the file /admin/update_fst.php where manipulating the sname argument can cause cross-site scripting (XSS). It can be triggered remotely and an exploit has been published. The Connected documents do not provide a specific C...