10 matches found
CVE-2025-0200
CVE-2025-0200 affects the code-projects Point of Sales and Inventory Management System 1.0. The vulnerability is an SQL injection in unspecified functionality of the /user/search_num.php page, triggered by manipulating the search argument. Exploitation is described as remote and the exploit has b...
CVE-2025-0201
CVE-2025-0201 affects code-projects Point of Sales and Inventory Management System 1.0. A vulnerability in /user/update_account.php allows SQL injection through the username parameter. Exploitation is remote, and public disclosures exist. The available sources do not provide a confirmed patch or ...
CVE-2025-0199
CVE-2025-0199 affects code-projects Point of Sales and Inventory Management System 1.0, with an SQL injection in /user/minus_cart.php triggered by manipulating the id parameter. The vulnerability is described as remote-exploitable and publicly disclosed. Connected sources (NVD, Red Hat, CVE listi...
CVE-2025-0174
CVE-2025-0174 affects code-projects Point of Sales and Inventory Management System 1.0. The vulnerability resides in /user/search_result2.php (Parameter Handler) where the search parameter handling enables remote SQL injection. Exploitation has been disclosed publicly and is corroborated by multi...
CVE-2025-0197
CVE-2025-0197 affects code-projects Point of Sales and Inventory Management System 1.0. The vulnerability is an SQL injection in the /user/search.php endpoint caused by unsafely handling the name parameter. It can be exploited remotely and has public disclosure. A practical interim mitigation fro...
CVE-2025-0198
CVE-2025-0198 affects the code-projects Point of Sales and Inventory Management System 1.0. The vulnerability is an SQL injection in the file /user/search_result.php, triggered by manipulating the id argument. It can be exploited remotely and the exploit has been disclosed publicl...
CVE-2025-0195
CVE-2025-0195 concerns Code Projects’ Point of Sales and Inventory Management System v1.0. The vulnerability is in the file /user/del_product.php, where manipulating the id argument enables SQL injection. The attack is described as executable remotely, and the exploit has been disclosed publicly ...
CVE-2023-7075
CVE-2023-7075 affects code-projects Point of Sales and Inventory Management System 1.0. A cross-site scripting vulnerability exists in the /main/checkout.php file, triggered by manipulating the pt parameter. The issue is exploitable remotely and public exploits have been disclosed. No patch/versi...
CVE-2025-0196
Code-Projects Point of Sales and Inventory Management System 1.0 is affected by an SQL injection in /user/plist.php via the cat parameter. The vulnerability enables remote exploitation and is publicly disclosed; the exact root cause is an injection flaw in that file, affecting the handling of the...
CVE-2025-0176
CVE-2025-0176 concerns code-projects’ Point of Sales and Inventory Management System 1.0. The vulnerability is in the file /user/add_cart.php, where manipulation of the arguments id/qty leads to an SQL injection. This could enable a remote attacker to influence the database without authentication,...