Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-10738

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-03 Nov, 2024 | 17:00
Updated At-04 Nov, 2024 | 18:13
Rejected At-
Credits

itsourcecode Farm Management System manage-breed.php sql injection

A vulnerability classified as critical was found in itsourcecode Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file manage-breed.php. The manipulation of the argument breed leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:03 Nov, 2024 | 17:00
Updated At:04 Nov, 2024 | 18:13
Rejected At:
▼CVE Numbering Authority (CNA)
itsourcecode Farm Management System manage-breed.php sql injection

A vulnerability classified as critical was found in itsourcecode Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file manage-breed.php. The manipulation of the argument breed leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Affected Products
Vendor
ITSourceCodeitsourcecode
Product
Farm Management System
Versions
Affected
  • 1.0
Problem Types
TypeCWE IDDescription
CWECWE-89SQL Injection
Type: CWE
CWE ID: CWE-89
Description: SQL Injection
Metrics
VersionBase scoreBase severityVector
4.05.3MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
3.16.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3.06.3MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2.06.5N/A
AV:N/AC:L/Au:S/C:P/I:P/A:P
Version: 4.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Version: 3.0
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Version: 2.0
Base score: 6.5
Base severity: N/A
Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
xiao_y (VulDB User)
Timeline
EventDate
Advisory disclosed2024-11-02 00:00:00
VulDB entry created2024-11-02 01:00:00
VulDB entry last update2024-11-02 19:25:10
Event: Advisory disclosed
Date: 2024-11-02 00:00:00
Event: VulDB entry created
Date: 2024-11-02 01:00:00
Event: VulDB entry last update
Date: 2024-11-02 19:25:10
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.282907
vdb-entry
technical-description
https://vuldb.com/?ctiid.282907
signature
permissions-required
https://vuldb.com/?submit.435539
third-party-advisory
https://github.com/Nightmaremassacre/cve/issues/3
exploit
issue-tracking
https://itsourcecode.com/
product
Hyperlink: https://vuldb.com/?id.282907
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/?ctiid.282907
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/?submit.435539
Resource:
third-party-advisory
Hyperlink: https://github.com/Nightmaremassacre/cve/issues/3
Resource:
exploit
issue-tracking
Hyperlink: https://itsourcecode.com/
Resource:
product
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Vendor
ITSourceCodeitsourcecode
Product
farm_management_system
CPEs
  • cpe:2.3:a:itsourcecode:farm_management_system:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 1.0
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:03 Nov, 2024 | 17:15
Updated At:05 Nov, 2024 | 20:16

A vulnerability classified as critical was found in itsourcecode Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file manage-breed.php. The manipulation of the argument breed leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.05.3MEDIUM
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Secondary3.16.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Secondary2.06.5MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
Type: Secondary
Version: 4.0
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Type: Secondary
Version: 2.0
Base score: 6.5
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
CPE Matches
Angel Jude Reyes Suarez
angeljudesuarez
>>farm_management_system>>1.0
cpe:2.3:a:angeljudesuarez:farm_management_system:1.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-89Primarycna@vuldb.com
CWE ID: CWE-89
Type: Primary
Source: cna@vuldb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/Nightmaremassacre/cve/issues/3cna@vuldb.com
Exploit
https://itsourcecode.com/cna@vuldb.com
Product
https://vuldb.com/?ctiid.282907cna@vuldb.com
Permissions Required
VDB Entry
https://vuldb.com/?id.282907cna@vuldb.com
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.435539cna@vuldb.com
Third Party Advisory
VDB Entry
Hyperlink: https://github.com/Nightmaremassacre/cve/issues/3
Source: cna@vuldb.com
Resource:
Exploit
Hyperlink: https://itsourcecode.com/
Source: cna@vuldb.com
Resource:
Product
Hyperlink: https://vuldb.com/?ctiid.282907
Source: cna@vuldb.com
Resource:
Permissions Required
VDB Entry
Hyperlink: https://vuldb.com/?id.282907
Source: cna@vuldb.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://vuldb.com/?submit.435539
Source: cna@vuldb.com
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

8982Records found
CVE-2025-4483
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.20% / 42.48%
||
7 Day CHG~0.00%
Published-09 May, 2025 | 17:31
Updated-22 Dec, 2025 | 19:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Gym Management System view_pdetails.php sql injection

A vulnerability, which was classified as critical, has been found in itsourcecode Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /view_pdetails.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-admercITSourceCodeAdrian Mercurio
Product-gym_management_systemGym Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-4464
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.20% / 42.48%
||
7 Day CHG~0.00%
Published-09 May, 2025 | 05:31
Updated-22 Dec, 2025 | 19:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Gym Management System ajax.php sql injection

A vulnerability has been found in itsourcecode Gym Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=save_plan. The manipulation of the argument plan leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-admercITSourceCodeAdrian Mercurio
Product-gym_management_systemGym Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-3981
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 11.85%
||
7 Day CHG~0.00%
Published-12 Mar, 2026 | 04:32
Updated-16 Mar, 2026 | 13:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Online Doctor Appointment System doctor_action.php sql injection

A vulnerability was found in itsourcecode Online Doctor Appointment System 1.0. Affected is an unknown function of the file /admin/doctor_action.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used.

Action-Not Available
Vendor-unguardableITSourceCode
Product-online_doctor_appointment_systemOnline Doctor Appointment System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-4363
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.20% / 42.48%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 15:31
Updated-19 Dec, 2025 | 21:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Gym Management System ajax.php sql injection

A vulnerability, which was classified as critical, has been found in itsourcecode Gym Management System 1.0. This issue affects some unknown processing of the file /ajax.php?action=end_membership. The manipulation of the argument rid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-admercITSourceCodeAdrian Mercurio
Product-gym_management_systemGym Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-4014
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 11.85%
||
7 Day CHG~0.00%
Published-12 Mar, 2026 | 08:02
Updated-13 Mar, 2026 | 20:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Cafe Reservation System Registration signup.php sql injection

A security flaw has been discovered in itsourcecode Cafe Reservation System 1.0. This impacts an unknown function of the file /curvus2/signup.php of the component Registration. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.

Action-Not Available
Vendor-luffypiratesITSourceCode
Product-cafe_reservation_systemCafe Reservation System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-4301
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.20% / 42.48%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 00:31
Updated-13 May, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Content Management System search-notice.php sql injection

A vulnerability classified as critical was found in itsourcecode Content Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /search-notice.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-emiloiITSourceCode
Product-content_management_systemContent Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-4300
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.20% / 42.48%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 00:00
Updated-13 May, 2025 | 20:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Content Management System search_list.php sql injection

A vulnerability classified as critical has been found in itsourcecode Content Management System 1.0. Affected is an unknown function of the file /search_list.php. The manipulation of the argument Search leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-emiloiITSourceCode
Product-content_management_systemContent Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-4311
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.20% / 42.48%
||
7 Day CHG~0.00%
Published-06 May, 2025 | 04:00
Updated-13 May, 2025 | 20:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Content Management System update_main_topic_img.php sql injection

A vulnerability classified as critical was found in itsourcecode Content Management System 1.0. This vulnerability affects unknown code of the file /admin/update_main_topic_img.php?topic_id=529. The manipulation of the argument stopic_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-emiloiITSourceCode
Product-content_management_systemContent Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-3980
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 11.85%
||
7 Day CHG~0.00%
Published-12 Mar, 2026 | 04:02
Updated-16 Mar, 2026 | 13:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Online Doctor Appointment System patient_action.php sql injection

A vulnerability has been found in itsourcecode Online Doctor Appointment System 1.0. This impacts an unknown function of the file /admin/patient_action.php. Such manipulation of the argument patient_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-unguardableITSourceCode
Product-online_doctor_appointment_systemOnline Doctor Appointment System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-3760
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.01% / 2.02%
||
7 Day CHG~0.00%
Published-08 Mar, 2026 | 18:32
Updated-11 Mar, 2026 | 19:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode University Management System view_result.php sql injection

A vulnerability was detected in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /view_result.php. Performing a manipulation of the argument seme results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.

Action-Not Available
Vendor-Angel Jude Reyes SuarezITSourceCode
Product-university_management_systemUniversity Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-3765
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 11.37%
||
7 Day CHG~0.00%
Published-08 Mar, 2026 | 20:02
Updated-10 Mar, 2026 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode University Management System att_single_view.php sql injection

A vulnerability was identified in itsourcecode University Management System 1.0. This affects an unknown function of the file /att_single_view.php. Such manipulation of the argument dt leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.

Action-Not Available
Vendor-Angel Jude Reyes SuarezITSourceCode
Product-university_management_systemUniversity Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-3767
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.48%
||
7 Day CHG~0.00%
Published-08 Mar, 2026 | 20:32
Updated-10 Mar, 2026 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode sanitize or validate this input teacher-attendance.php sql injection

A weakness has been identified in itsourcecode sanitize or validate this input 1.0. Affected is an unknown function of the file /admin/teacher-attendance.php. Executing a manipulation of the argument teacher_id can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.

Action-Not Available
Vendor-Angel Jude Reyes SuarezITSourceCode
Product-college_management_systemsanitize or validate this input
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-36233
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.05% / 15.81%
||
7 Day CHG~0.00%
Published-10 Apr, 2026 | 00:00
Updated-14 Apr, 2026 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A SQL injection vulnerability was found in the assignInstructorSubjects.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that attackers can inject malicious code via the parameter "subjcode" and use it directly in SQL queries without the need for appropriate cleaning or validation.

Action-Not Available
Vendor-n/aITSourceCode
Product-online_student_enrollment_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-3740
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 11.37%
||
7 Day CHG~0.00%
Published-08 Mar, 2026 | 14:32
Updated-12 Mar, 2026 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode University Management System admin_search_student.php sql injection

A weakness has been identified in itsourcecode University Management System 1.0. Impacted is an unknown function of the file /admin_search_student.php. This manipulation of the argument admin_search_student causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.

Action-Not Available
Vendor-Angel Jude Reyes SuarezITSourceCode
Product-university_management_systemUniversity Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-36234
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.05% / 15.81%
||
7 Day CHG~0.00%
Published-10 Apr, 2026 | 00:00
Updated-14 Apr, 2026 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

itsourcecode Online Student Enrollment System v1.0 is vulnerable to SQL Injection in newCourse.php via the 'coursename' parameter.

Action-Not Available
Vendor-n/aITSourceCode
Product-online_student_enrollment_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-3747
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 11.37%
||
7 Day CHG~0.00%
Published-08 Mar, 2026 | 16:02
Updated-11 Mar, 2026 | 19:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode University Management System add_result.php sql injection

A vulnerability was identified in itsourcecode University Management System 1.0. Affected by this issue is some unknown functionality of the file /add_result.php. Such manipulation of the argument subject leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used.

Action-Not Available
Vendor-Angel Jude Reyes SuarezITSourceCode
Product-university_management_systemUniversity Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-3413
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.01% / 3.42%
||
7 Day CHG~0.00%
Published-02 Mar, 2026 | 06:02
Updated-03 Mar, 2026 | 19:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode University Management System admin_single_student.php sql injection

A flaw has been found in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /admin_single_student.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.

Action-Not Available
Vendor-ITSourceCodeAngel Jude Reyes Suarez
Product-university_management_systemUniversity Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-3411
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 14.20%
||
7 Day CHG~0.00%
Published-02 Mar, 2026 | 05:02
Updated-03 Mar, 2026 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode University Management System admin_single_student_update.php sql injection

A security vulnerability has been detected in itsourcecode University Management System 1.0. Affected by this issue is some unknown functionality of the file /admin_single_student_update.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

Action-Not Available
Vendor-ITSourceCodeAngel Jude Reyes Suarez
Product-university_management_systemUniversity Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-3410
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 14.20%
||
7 Day CHG~0.00%
Published-02 Mar, 2026 | 04:32
Updated-03 Mar, 2026 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Society Management System check_studid.php sql injection

A weakness has been identified in itsourcecode Society Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/check_studid.php. Executing a manipulation of the argument student_id can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.

Action-Not Available
Vendor-ITSourceCodeAngel Jude Reyes Suarez
Product-society_management_systemSociety Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-3261
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 14.20%
||
7 Day CHG~0.00%
Published-26 Feb, 2026 | 21:02
Updated-27 Feb, 2026 | 16:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode School Management System Setting index.php sql injection

A flaw has been found in itsourcecode School Management System 1.0. This impacts an unknown function of the file /settings/index.php of the component Setting Handler. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.

Action-Not Available
Vendor-ITSourceCode
Product-school_management_systemSchool Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-3153
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 11.85%
||
7 Day CHG~0.00%
Published-25 Feb, 2026 | 05:32
Updated-25 Feb, 2026 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Document Management System register.php sql injection

A vulnerability has been found in itsourcecode Document Management System 1.0. Impacted is an unknown function of the file /register.php. Such manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-admercITSourceCode
Product-document_management_systemDocument Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-3069
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 14.20%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 04:02
Updated-24 Feb, 2026 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Document Management System edtlbls.php sql injection

A security vulnerability has been detected in itsourcecode Document Management System 1.0. Affected is an unknown function of the file /edtlbls.php. The manipulation of the argument field1 leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.

Action-Not Available
Vendor-admercITSourceCode
Product-document_management_systemDocument Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-3133
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.01% / 3.42%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 23:32
Updated-27 Feb, 2026 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Document Management System Login loging.php sql injection

A vulnerability has been found in itsourcecode Document Management System 1.0. This issue affects some unknown processing of the file /loging.php of the component Login. The manipulation of the argument Username leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-admercITSourceCode
Product-document_management_systemDocument Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-3151
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 11.85%
||
7 Day CHG~0.00%
Published-25 Feb, 2026 | 05:02
Updated-25 Feb, 2026 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode College Management System login.php sql injection

A vulnerability was detected in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /login/login.php. The manipulation of the argument email results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.

Action-Not Available
Vendor-Angel Jude Reyes SuarezITSourceCode
Product-college_management_systemCollege Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-3068
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 14.20%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 03:32
Updated-24 Feb, 2026 | 21:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Document Management System deluser.php sql injection

A weakness has been identified in itsourcecode Document Management System 1.0. This impacts an unknown function of the file /deluser.php. Executing a manipulation of the argument user2del can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.

Action-Not Available
Vendor-admercITSourceCode
Product-document_management_systemDocument Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-3135
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 14.20%
||
7 Day CHG~0.00%
Published-25 Feb, 2026 | 00:02
Updated-26 Feb, 2026 | 20:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode News Portal Project add-category.php sql injection

A weakness has been identified in itsourcecode News Portal Project 1.0. The impacted element is an unknown function of the file /admin/add-category.php. This manipulation of the argument Category causes sql injection. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.

Action-Not Available
Vendor-clive_21ITSourceCode
Product-news_portal_projectNews Portal Project
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-3150
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 13.73%
||
7 Day CHG~0.00%
Published-25 Feb, 2026 | 04:32
Updated-25 Feb, 2026 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode College Management System display-teacher.php sql injection

A security vulnerability has been detected in itsourcecode College Management System 1.0. This affects an unknown part of the file /admin/display-teacher.php. The manipulation of the argument teacher_id leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.

Action-Not Available
Vendor-Angel Jude Reyes SuarezITSourceCode
Product-college_management_systemCollege Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-3152
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 11.85%
||
7 Day CHG~0.00%
Published-25 Feb, 2026 | 05:02
Updated-25 Feb, 2026 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode College Management System teacher-salary.php sql injection

A flaw has been found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/teacher-salary.php. This manipulation of the argument teacher_id causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.

Action-Not Available
Vendor-Angel Jude Reyes SuarezITSourceCode
Product-college_management_systemCollege Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-3134
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 14.20%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 23:32
Updated-27 Feb, 2026 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode News Portal Project edit-category.php sql injection

A security flaw has been discovered in itsourcecode News Portal Project 1.0. The affected element is an unknown function of the file /newsportal/admin/edit-category.php. The manipulation of the argument Category results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.

Action-Not Available
Vendor-clive_21ITSourceCode
Product-news_portal_projectNews Portal Project
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-3042
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 14.20%
||
7 Day CHG~0.00%
Published-23 Feb, 2026 | 23:02
Updated-25 Feb, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Event Management System index.php sql injection

A vulnerability was detected in itsourcecode Event Management System 1.0. The affected element is an unknown function of the file /admin/index.php. Performing a manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.

Action-Not Available
Vendor-admercITSourceCode
Product-event_management_systemEvent Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-3046
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 14.20%
||
7 Day CHG~0.00%
Published-24 Feb, 2026 | 00:32
Updated-26 Feb, 2026 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode E-Logbook with Health Monitoring System for COVID-19 check_profile_old.php sql injection

A security vulnerability has been detected in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. This vulnerability affects unknown code of the file /check_profile_old.php. The manipulation of the argument profile_id leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

Action-Not Available
Vendor-emiloiITSourceCode
Product-e-logbook_with_health_monitoring_system_for_covid-19E-Logbook with Health Monitoring System for COVID-19
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-2867
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.03% / 10.53%
||
7 Day CHG~0.00%
Published-21 Feb, 2026 | 13:32
Updated-23 Feb, 2026 | 20:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Vehicle Management System billaction.php sql injection

A vulnerability was determined in itsourcecode Vehicle Management System 1.0. Affected is an unknown function of the file /billaction.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.

Action-Not Available
Vendor-admercITSourceCode
Product-vehicle_management_systemVehicle Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-2865
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 14.20%
||
7 Day CHG~0.00%
Published-21 Feb, 2026 | 07:32
Updated-26 Feb, 2026 | 02:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Agri-Trading Online Shopping System HTTP POST Request productcontroller.php sql injection

A vulnerability was found in itsourcecode Agri-Trading Online Shopping System 1.0. This impacts an unknown function of the file admin/productcontroller.php of the component HTTP POST Request Handler. Performing a manipulation of the argument Product results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used.

Action-Not Available
Vendor-Adones EvangelistaITSourceCode
Product-agri-trading_online_shopping_systemAgri-Trading Online Shopping System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-29999
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 50.08%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 15:17
Updated-22 Apr, 2025 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editClient.php?client_id=.

Action-Not Available
Vendor-n/aAngel Jude Reyes Suarez
Product-insurance_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-30001
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 50.08%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 15:14
Updated-22 Apr, 2025 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editAgent.php?agent_id=.

Action-Not Available
Vendor-n/aAngel Jude Reyes Suarez
Product-insurance_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-30002
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-7.2||HIGH
EPSS-0.27% / 51.13%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 15:13
Updated-22 Apr, 2025 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editNominee.php?nominee_id=.

Action-Not Available
Vendor-n/aAngel Jude Reyes Suarez
Product-insurance_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-29998
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.26% / 50.08%
||
7 Day CHG~0.00%
Published-12 May, 2022 | 15:18
Updated-22 Apr, 2025 | 16:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/clientStatus.php?client_id=.

Action-Not Available
Vendor-n/aAngel Jude Reyes Suarez
Product-insurance_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-2690
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.01% / 3.42%
||
7 Day CHG~0.00%
Published-19 Feb, 2026 | 01:02
Updated-24 Feb, 2026 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Event Management System Admin Login ajax.php sql injection

A flaw has been found in itsourcecode Event Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login of the component Admin Login. This manipulation of the argument Username causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.

Action-Not Available
Vendor-admercITSourceCode
Product-event_management_systemEvent Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-2691
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.01% / 3.42%
||
7 Day CHG~0.00%
Published-19 Feb, 2026 | 01:32
Updated-24 Feb, 2026 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Event Management System manage_register.php sql injection

A vulnerability has been found in itsourcecode Event Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/manage_register.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-admercITSourceCode
Product-event_management_systemEvent Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-36232
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.05% / 14.98%
||
7 Day CHG~0.00%
Published-10 Apr, 2026 | 00:00
Updated-14 Apr, 2026 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A SQL injection vulnerability was found in the instructorClasses.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'classId' parameter from $_GET['classId'] is directly concatenated into the SQL query without any sanitization or validation.

Action-Not Available
Vendor-n/aITSourceCode
Product-online_student_enrollment_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-2689
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.01% / 3.42%
||
7 Day CHG~0.00%
Published-19 Feb, 2026 | 00:32
Updated-24 Feb, 2026 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Event Management System manage_booking.php sql injection

A vulnerability was detected in itsourcecode Event Management System 1.0. Affected is an unknown function of the file /admin/manage_booking.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.

Action-Not Available
Vendor-admercITSourceCode
Product-event_management_systemEvent Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-3944
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 11.85%
||
7 Day CHG~0.00%
Published-11 Mar, 2026 | 12:32
Updated-12 Mar, 2026 | 15:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode University Management System att_add.php sql injection

A vulnerability was determined in itsourcecode University Management System 1.0. This vulnerability affects unknown code of the file /att_add.php. This manipulation of the argument Name causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.

Action-Not Available
Vendor-Angel Jude Reyes SuarezITSourceCode
Product-university_management_systemUniversity Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-3149
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 13.73%
||
7 Day CHG~0.00%
Published-25 Feb, 2026 | 04:02
Updated-25 Feb, 2026 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode College Management System asign-single-student-subjects.php sql injection

A weakness has been identified in itsourcecode College Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/asign-single-student-subjects.php. Executing a manipulation of the argument course_code can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.

Action-Not Available
Vendor-Angel Jude Reyes SuarezITSourceCode
Product-college_management_systemCollege Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-40393
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.28% / 51.41%
||
7 Day CHG~0.00%
Published-16 Jul, 2024 | 00:00
Updated-18 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Online Clinic Management System In PHP With Free Source code v1.0 was discovered to contain a SQL injection vulnerability via the user parameter at login.php.

Action-Not Available
Vendor-n/aAngel Jude Reyes Suarez
Product-online_clinic_management_systemn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-4726
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.20% / 42.48%
||
7 Day CHG~0.00%
Published-15 May, 2025 | 22:31
Updated-27 May, 2025 | 19:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Placement Management System view_student.php sql injection

A vulnerability has been found in itsourcecode Placement Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /view_student.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-ITSourceCodeAngel Jude Reyes Suarez
Product-placement_management_systemPlacement Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-4722
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.20% / 42.48%
||
7 Day CHG~0.00%
Published-15 May, 2025 | 21:31
Updated-27 May, 2025 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Placement Management System edit_profile.php sql injection

A vulnerability classified as critical has been found in itsourcecode Placement Management System 1.0. Affected is an unknown function of the file /edit_profile.php. The manipulation of the argument Name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-ITSourceCodeAngel Jude Reyes Suarez
Product-placement_management_systemPlacement Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2026-1119
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 4.82%
||
7 Day CHG~0.00%
Published-18 Jan, 2026 | 11:32
Updated-23 Feb, 2026 | 08:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Society Management System delete_activity.php sql injection

A flaw has been found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/delete_activity.php. Executing a manipulation of the argument activity_id can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used.

Action-Not Available
Vendor-Angel Jude Reyes SuarezITSourceCode
Product-society_management_systemSociety Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-3195
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.40% / 61.05%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 01:00
Updated-15 Apr, 2025 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Online Blood Bank Management System bbms.php sql injection

A vulnerability, which was classified as critical, has been found in itsourcecode Online Blood Bank Management System 1.0. This issue affects some unknown processing of the file /bbms.php. The manipulation of the argument Search leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-ITSourceCodeAdones Evangelista
Product-online_blood_bank_management_systemOnline Blood Bank Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-3245
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 39.78%
||
7 Day CHG~0.00%
Published-04 Apr, 2025 | 12:00
Updated-23 Apr, 2025 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Library Management System Forgot.java search sql injection

A vulnerability was found in itsourcecode Library Management System 1.0. It has been rated as critical. Affected by this issue is the function Search of the file library_management/src/Library_Management/Forgot.java. The manipulation of the argument txtuname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-ITSourceCodeAngel Jude Reyes Suarez
Product-library_management_systemLibrary Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-4723
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.20% / 42.48%
||
7 Day CHG~0.00%
Published-15 May, 2025 | 21:31
Updated-27 May, 2025 | 14:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
itsourcecode Placement Management System all_student.php sql injection

A vulnerability classified as critical was found in itsourcecode Placement Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /all_student.php. The manipulation of the argument delete leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-ITSourceCodeAngel Jude Reyes Suarez
Product-placement_management_systemPlacement Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 179
  • 180
  • Next
Details not found