3 matches found
CVE-2024-0182
CVE-2024-0182 corresponds to a SQL injection in SourceCodester Engineers Online Portal 1.0. The /admin/ Admin Login functionality is vulnerable via manipulating the username/password parameters, allowing remote execution of SQL queries. Multiple sources (NVD, CVE lists, Red Hat, PRION, VulnDB) co...
CVE-2023-7160
CVE-2023-7160 affects SourceCodester Engineers Online Portal 1.0, specifically the Add Engineer Handler. The vulnerability arises from handling the first name/last name input, where injected script tags like can trigger cross-site scripting. The issue can be exploited remotely, and the exploit h...
CVE-2026-36236
SourceCodester Engineers Online Portal v1.0 is affected by a SQL Injection in update_password.php via the new_password parameter. The CVE-2026-36236 entry has a CVSS v3.1 base score of 9.8 (CRITICAL) with network attack vector, no privileges, no user interaction, and impacts to confidentiality, i...