Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-2554

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-17 Mar, 2024 | 04:31
Updated At-22 Aug, 2024 | 19:10
Rejected At-
Credits

SourceCodester Employee Task Management System update-employee.php sql injection

A vulnerability has been found in SourceCodester Employee Task Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file update-employee.php. The manipulation of the argument admin_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257053 was assigned to this vulnerability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:17 Mar, 2024 | 04:31
Updated At:22 Aug, 2024 | 19:10
Rejected At:
▼CVE Numbering Authority (CNA)
SourceCodester Employee Task Management System update-employee.php sql injection

A vulnerability has been found in SourceCodester Employee Task Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file update-employee.php. The manipulation of the argument admin_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257053 was assigned to this vulnerability.

Affected Products
Vendor
SourceCodesterSourceCodester
Product
Employee Task Management System
Versions
Affected
  • 1.0
Problem Types
TypeCWE IDDescription
CWECWE-89CWE-89 SQL Injection
Type: CWE
CWE ID: CWE-89
Description: CWE-89 SQL Injection
Metrics
VersionBase scoreBase severityVector
3.16.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3.06.3MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2.06.5N/A
AV:N/AC:L/Au:S/C:P/I:P/A:P
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Version: 3.0
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Version: 2.0
Base score: 6.5
Base severity: N/A
Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
Peanut (VulDB User)
Timeline
EventDate
Advisory disclosed2024-03-16 00:00:00
VulDB entry created2024-03-16 01:00:00
VulDB entry last update2024-03-16 07:19:20
Event: Advisory disclosed
Date: 2024-03-16 00:00:00
Event: VulDB entry created
Date: 2024-03-16 01:00:00
Event: VulDB entry last update
Date: 2024-03-16 07:19:20
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.257053
vdb-entry
technical-description
https://vuldb.com/?ctiid.257053
signature
permissions-required
https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/2024/Task%20Management%20System%20-%20multiple%20vulnerabilities.md#3sql-injection-vulnerability-in-update-employeephp
exploit
patch
Hyperlink: https://vuldb.com/?id.257053
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/?ctiid.257053
Resource:
signature
permissions-required
Hyperlink: https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/2024/Task%20Management%20System%20-%20multiple%20vulnerabilities.md#3sql-injection-vulnerability-in-update-employeephp
Resource:
exploit
patch
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.257053
vdb-entry
technical-description
x_transferred
https://vuldb.com/?ctiid.257053
signature
permissions-required
x_transferred
https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/2024/Task%20Management%20System%20-%20multiple%20vulnerabilities.md#3sql-injection-vulnerability-in-update-employeephp
exploit
patch
x_transferred
Hyperlink: https://vuldb.com/?id.257053
Resource:
vdb-entry
technical-description
x_transferred
Hyperlink: https://vuldb.com/?ctiid.257053
Resource:
signature
permissions-required
x_transferred
Hyperlink: https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/2024/Task%20Management%20System%20-%20multiple%20vulnerabilities.md#3sql-injection-vulnerability-in-update-employeephp
Resource:
exploit
patch
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
SourceCodestersourcecodester
Product
employee_task_management_system
CPEs
  • cpe:2.3:a:sourcecodester:employee_task_management_system:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 1.0
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:17 Mar, 2024 | 05:15
Updated At:17 May, 2024 | 02:38

A vulnerability has been found in SourceCodester Employee Task Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file update-employee.php. The manipulation of the argument admin_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257053 was assigned to this vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.16.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Secondary2.06.5MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
Type: Secondary
Version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Type: Secondary
Version: 2.0
Base score: 6.5
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:S/C:P/I:P/A:P
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-89Primarycna@vuldb.com
CWE ID: CWE-89
Type: Primary
Source: cna@vuldb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/2024/Task%20Management%20System%20-%20multiple%20vulnerabilities.md#3sql-injection-vulnerability-in-update-employeephpcna@vuldb.com
N/A
https://vuldb.com/?ctiid.257053cna@vuldb.com
N/A
https://vuldb.com/?id.257053cna@vuldb.com
N/A
Hyperlink: https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/2024/Task%20Management%20System%20-%20multiple%20vulnerabilities.md#3sql-injection-vulnerability-in-update-employeephp
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/?ctiid.257053
Source: cna@vuldb.com
Resource: N/A
Hyperlink: https://vuldb.com/?id.257053
Source: cna@vuldb.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

4204Records found
CVE-2025-11469
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 8.88%
||
7 Day CHG~0.00%
Published-08 Oct, 2025 | 10:02
Updated-09 Oct, 2025 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Hotel and Lodge Management System save_customer.php sql injection

A weakness has been identified in SourceCodester Hotel and Lodge Management System 1.0. The affected element is an unknown function of the file /pages/save_customer.php. Executing manipulation of the argument Contact can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.

Action-Not Available
Vendor-nikhil-bhaleraoSourceCodester
Product-hotel_and_lodge_management_systemHotel and Lodge Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-11400
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.33%
||
7 Day CHG+0.01%
Published-07 Oct, 2025 | 16:02
Updated-09 Oct, 2025 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Hotel and Lodge Management System del_room.php sql injection

A vulnerability was detected in SourceCodester Hotel and Lodge Management System 1.0. This impacts an unknown function of the file /del_room.php. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.

Action-Not Available
Vendor-nikhil-bhaleraoSourceCodester
Product-hotel_and_lodge_management_systemHotel and Lodge Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-11402
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.33%
||
7 Day CHG+0.01%
Published-07 Oct, 2025 | 17:32
Updated-09 Oct, 2025 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Hotel and Lodge Management System del_curr.php sql injection

A vulnerability has been found in SourceCodester Hotel and Lodge Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /del_curr.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-nikhil-bhaleraoSourceCodester
Product-hotel_and_lodge_management_systemHotel and Lodge Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-11486
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 8.88%
||
7 Day CHG~0.00%
Published-08 Oct, 2025 | 17:02
Updated-10 Oct, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Farm Management System buyNow.php sql injection

A vulnerability was identified in SourceCodester Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /buyNow.php. Such manipulation of the argument Name leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.

Action-Not Available
Vendor-SourceCodesterjanobe
Product-farm_management_systemFarm Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-11405
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.33%
||
7 Day CHG+0.01%
Published-07 Oct, 2025 | 19:02
Updated-09 Oct, 2025 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Hotel and Lodge Management System del_tax.php sql injection

A vulnerability was identified in SourceCodester Hotel and Lodge Management System 1.0. This vulnerability affects unknown code of the file /del_tax.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used.

Action-Not Available
Vendor-nikhil-bhaleraoSourceCodester
Product-hotel_and_lodge_management_systemHotel and Lodge Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-11611
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 8.88%
||
7 Day CHG~0.00%
Published-11 Oct, 2025 | 18:32
Updated-20 Oct, 2025 | 17:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Inventory System user.php sql injection

A weakness has been identified in SourceCodester Simple Inventory System 1.0. Impacted is an unknown function of the file /user.php. This manipulation of the argument uemail causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited.

Action-Not Available
Vendor-CodeAstroSourceCodester
Product-simple_inventory_systemSimple Inventory System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-11399
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.33%
||
7 Day CHG+0.01%
Published-07 Oct, 2025 | 15:32
Updated-09 Oct, 2025 | 16:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Hotel and Lodge Management System save_room.php sql injection

A security vulnerability has been detected in SourceCodester Hotel and Lodge Management System 1.0. This affects an unknown function of the file /pages/save_room.php. The manipulation of the argument floorno leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

Action-Not Available
Vendor-nikhil-bhaleraoSourceCodester
Product-hotel_and_lodge_management_systemHotel and Lodge Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-11404
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.33%
||
7 Day CHG+0.01%
Published-07 Oct, 2025 | 18:32
Updated-09 Oct, 2025 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Hotel and Lodge Management System save_tax.php sql injection

A vulnerability was determined in SourceCodester Hotel and Lodge Management System 1.0. This affects an unknown part of the file /pages/save_tax.php. Executing manipulation of the argument percentage can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.

Action-Not Available
Vendor-nikhil-bhaleraoSourceCodester
Product-hotel_and_lodge_management_systemHotel and Lodge Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-11478
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 8.88%
||
7 Day CHG~0.00%
Published-08 Oct, 2025 | 14:02
Updated-09 Oct, 2025 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Farm Management System myCart.php sql injection

A weakness has been identified in SourceCodester Farm Management System 1.0. This issue affects some unknown processing of the file /myCart.php. This manipulation of the argument pid causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.

Action-Not Available
Vendor-SourceCodesterjanobe
Product-farm_management_systemFarm Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-11610
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 8.88%
||
7 Day CHG~0.00%
Published-11 Oct, 2025 | 18:02
Updated-20 Oct, 2025 | 17:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Inventory System brand.php sql injection

A security flaw has been discovered in SourceCodester Simple Inventory System 1.0. This issue affects some unknown processing of the file /brand.php. The manipulation of the argument editBrandName results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be exploited.

Action-Not Available
Vendor-CodeAstroSourceCodester
Product-simple_inventory_systemSimple Inventory System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-10839
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.33%
||
7 Day CHG~0.00%
Published-23 Sep, 2025 | 04:32
Updated-25 Sep, 2025 | 16:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Pet Grooming Management Software inv-print.php sql injection

A security flaw has been discovered in SourceCodester Pet Grooming Management Software 1.0. The impacted element is an unknown function of the file /admin/inv-print.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.

Action-Not Available
Vendor-SourceCodestermayuri_k
Product-pet_grooming_management_softwarePet Grooming Management Software
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-11403
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.33%
||
7 Day CHG+0.01%
Published-07 Oct, 2025 | 18:02
Updated-09 Oct, 2025 | 16:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Hotel and Lodge Management System del_booking.php sql injection

A vulnerability was found in SourceCodester Hotel and Lodge Management System 1.0. Affected by this issue is some unknown functionality of the file /del_booking.php. Performing manipulation of the argument ID results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used.

Action-Not Available
Vendor-nikhil-bhaleraoSourceCodester
Product-hotel_and_lodge_management_systemHotel and Lodge Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-11474
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 8.88%
||
7 Day CHG~0.00%
Published-08 Oct, 2025 | 12:32
Updated-08 Oct, 2025 | 20:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Hotel and Lodge Management System edit_booking.php sql injection

A vulnerability was found in SourceCodester Hotel and Lodge Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit_booking.php. Performing manipulation of the argument Name results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used.

Action-Not Available
Vendor-nikhil-bhaleraoSourceCodester
Product-hotel_and_lodge_management_systemHotel and Lodge Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-10625
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 13.68%
||
7 Day CHG~0.00%
Published-17 Sep, 2025 | 23:02
Updated-18 Sep, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Exam Form Submission dashboard.php sql injection

A vulnerability was detected in SourceCodester Online Exam Form Submission 1.0. Affected by this vulnerability is an unknown functionality of the file /user/dashboard.php?page=update_profile. The manipulation of the argument phone results in sql injection. The attack may be launched remotely. The exploit is now public and may be used. Other parameters might be affected as well.

Action-Not Available
Vendor-SourceCodester
Product-Online Exam Form Submission
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-10407
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 13.68%
||
7 Day CHG~0.00%
Published-14 Sep, 2025 | 19:32
Updated-18 Sep, 2025 | 20:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Student Grading System view_user.php sql injection

A vulnerability was identified in SourceCodester Student Grading System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_user.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.

Action-Not Available
Vendor-SourceCodesterrazormistoretnom23
Product-student_grading_systemStudent Grading System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-10431
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 13.68%
||
7 Day CHG~0.00%
Published-15 Sep, 2025 | 07:02
Updated-18 Sep, 2025 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Pet Grooming Management Software ajax_represent.php sql injection

A vulnerability has been found in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file /admin/ajax_represent.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-SourceCodestermayuri_k
Product-pet_grooming_management_softwarePet Grooming Management Software
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-10408
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 13.68%
||
7 Day CHG~0.00%
Published-14 Sep, 2025 | 20:02
Updated-18 Sep, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Student Grading System edit_user.php sql injection

A security flaw has been discovered in SourceCodester Student Grading System 1.0. Affected by this issue is some unknown functionality of the file /edit_user.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited.

Action-Not Available
Vendor-SourceCodesterrazormistoretnom23
Product-student_grading_systemStudent Grading System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-10593
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.61%
||
7 Day CHG~0.00%
Published-17 Sep, 2025 | 13:32
Updated-18 Sep, 2025 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Student File Management System update_student.php sql injection

A vulnerability was detected in SourceCodester Online Student File Management System 1.0. Affected is an unknown function of the file /admin/update_student.php. Performing manipulation of the argument stud_id results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.

Action-Not Available
Vendor-janobeSourceCodester
Product-online_student_file_management_systemOnline Student File Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-10419
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 18.70%
||
7 Day CHG~0.00%
Published-15 Sep, 2025 | 01:02
Updated-19 Sep, 2025 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Student Grading System del_promote.php sql injection

A security vulnerability has been detected in SourceCodester Student Grading System 1.0. Affected by this issue is some unknown functionality of the file /del_promote.php. Such manipulation of the argument sy leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-student_grading_systemStudent Grading System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-10409
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 13.68%
||
7 Day CHG~0.00%
Published-14 Sep, 2025 | 20:32
Updated-19 Sep, 2025 | 15:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Student Grading System rms.php sql injection

A weakness has been identified in SourceCodester Student Grading System 1.0. This affects an unknown part of the file /rms.php?page=users. Executing manipulation of the argument fname can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited.

Action-Not Available
Vendor-SourceCodesterrazormistoretnom23
Product-student_grading_systemStudent Grading System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-10594
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 13.68%
||
7 Day CHG~0.00%
Published-17 Sep, 2025 | 14:02
Updated-18 Sep, 2025 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Student File Management System delete_student.php sql injection

A flaw has been found in SourceCodester Online Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/delete_student.php. Executing manipulation of the argument stud_id can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used.

Action-Not Available
Vendor-janobeSourceCodester
Product-online_student_file_management_systemOnline Student File Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-10430
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 19.77%
||
7 Day CHG+0.01%
Published-15 Sep, 2025 | 06:32
Updated-18 Sep, 2025 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Pet Grooming Management Software barcode.php sql injection

A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/barcode.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.

Action-Not Available
Vendor-SourceCodestermayuri_k
Product-pet_grooming_management_softwarePet Grooming Management Software
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-10602
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 13.68%
||
7 Day CHG~0.00%
Published-17 Sep, 2025 | 17:02
Updated-22 Sep, 2025 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Exam Form Submission delete_s1.php sql injection

A vulnerability was found in SourceCodester Online Exam Form Submission 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/delete_s1.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used.

Action-Not Available
Vendor-janobeSourceCodester
Product-online_exam_form_submissionOnline Exam Form Submission
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-2090
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.30% / 53.17%
||
7 Day CHG~0.00%
Published-15 Apr, 2023 | 09:00
Updated-07 Sep, 2024 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Employee and Visitor Gate Pass Logging System GET Parameter view_designation.php sql injection

A vulnerability classified as critical has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0. Affected is an unknown function of the file /admin/maintenance/view_designation.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-226098 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-employee_and_visitor_gate_pass_logging_system_projectoretnom23SourceCodester
Product-employee_and_visitor_gate_pass_logging_systemEmployee and Visitor Gate Pass Logging Systememployee_and_visitor_gate_pass_logging_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-10595
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 13.68%
||
7 Day CHG~0.00%
Published-17 Sep, 2025 | 14:32
Updated-18 Sep, 2025 | 13:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Student File Management System delete_user.php sql injection

A vulnerability has been found in SourceCodester Online Student File Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/delete_user.php. The manipulation of the argument user_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-SourceCodester
Product-Online Student File Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-10420
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 13.68%
||
7 Day CHG~0.00%
Published-15 Sep, 2025 | 01:32
Updated-19 Sep, 2025 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Student Grading System form137.php sql injection

A vulnerability was detected in SourceCodester Student Grading System 1.0. This affects an unknown part of the file /form137.php. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-student_grading_systemStudent Grading System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-10429
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 13.68%
||
7 Day CHG~0.00%
Published-15 Sep, 2025 | 06:02
Updated-18 Sep, 2025 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Pet Grooming Management Software ajax_product.php sql injection

A vulnerability was detected in SourceCodester Pet Grooming Management Software 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/ajax_product.php. The manipulation of the argument drop_services results in sql injection. The attack can be launched remotely. The exploit is now public and may be used.

Action-Not Available
Vendor-SourceCodestermayuri_k
Product-pet_grooming_management_softwarePet Grooming Management Software
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-10617
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 18.55%
||
7 Day CHG+0.01%
Published-17 Sep, 2025 | 20:32
Updated-18 Sep, 2025 | 14:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Polling System positions.php sql injection

A weakness has been identified in SourceCodester Online Polling System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/positions.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited.

Action-Not Available
Vendor-SourceCodester
Product-Online Polling System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-10418
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 18.70%
||
7 Day CHG~0.00%
Published-15 Sep, 2025 | 00:32
Updated-19 Sep, 2025 | 19:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Student Grading System view_students.php sql injection

A weakness has been identified in SourceCodester Student Grading System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_students.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-student_grading_systemStudent Grading System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-10627
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 13.68%
||
7 Day CHG~0.00%
Published-17 Sep, 2025 | 23:32
Updated-18 Sep, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Exam Form Submission delete_user.php sql injection

A vulnerability has been found in SourceCodester Online Exam Form Submission 1.0. This affects an unknown part of the file /admin/delete_user.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-SourceCodester
Product-Online Exam Form Submission
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-10483
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 13.68%
||
7 Day CHG~0.00%
Published-15 Sep, 2025 | 22:32
Updated-22 Sep, 2025 | 17:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Student File Management System save_user.php sql injection

A flaw has been found in SourceCodester Online Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/save_user.php. This manipulation of the argument firstname causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. Other parameters might be affected as well.

Action-Not Available
Vendor-janobeSourceCodester
Product-online_student_file_management_systemOnline Student File Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-10421
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 13.68%
||
7 Day CHG~0.00%
Published-15 Sep, 2025 | 02:02
Updated-19 Sep, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Student Grading System update_account.php sql injection

A flaw has been found in SourceCodester Student Grading System 1.0. This vulnerability affects unknown code of the file /update_account.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-student_grading_systemStudent Grading System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-10400
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 13.68%
||
7 Day CHG~0.00%
Published-14 Sep, 2025 | 14:02
Updated-18 Sep, 2025 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Food Ordering Management System ticket-message.php sql injection

A security vulnerability has been detected in SourceCodester Food Ordering Management System 1.0. Impacted is an unknown function of the file /routers/ticket-message.php. Such manipulation of the argument ticket_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-food_ordering_management_systemFood Ordering Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-10481
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 13.68%
||
7 Day CHG~0.00%
Published-15 Sep, 2025 | 22:02
Updated-22 Sep, 2025 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Student File Management System remove_file.php sql injection

A security vulnerability has been detected in SourceCodester Online Student File Management System 1.0. This impacts an unknown function of the file /remove_file.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

Action-Not Available
Vendor-janobeSourceCodester
Product-online_student_file_management_systemOnline Student File Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-10626
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 13.68%
||
7 Day CHG~0.00%
Published-17 Sep, 2025 | 23:32
Updated-18 Sep, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Exam Form Submission update_s3.php sql injection

A flaw has been found in SourceCodester Online Exam Form Submission 1.0. Affected by this issue is some unknown functionality of the file /admin/update_s3.php. This manipulation of the argument credits causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.

Action-Not Available
Vendor-SourceCodester
Product-Online Exam Form Submission
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-9905
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 28.18%
||
7 Day CHG~0.00%
Published-13 Oct, 2024 | 02:31
Updated-17 Oct, 2024 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Eyewear Shop sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Online Eyewear Shop 1.0. This issue affects some unknown processing of the file /admin/?page=inventory/view_inventory&id=2. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-online_eyewear_shopOnline Eyewear Shoponline_eyewear_shop
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-2095
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.29% / 52.61%
||
7 Day CHG~0.00%
Published-15 Apr, 2023 | 10:31
Updated-02 Aug, 2024 | 06:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Vehicle Service Management System manage_category.php sql injection

A vulnerability was found in SourceCodester Vehicle Service Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/maintenance/manage_category.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-226103.

Action-Not Available
Vendor-vehicle_service_management_system_projectSourceCodester
Product-vehicle_service_management_systemVehicle Service Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-9809
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 24.56%
||
7 Day CHG~0.00%
Published-10 Oct, 2024 | 19:31
Updated-15 Oct, 2024 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Eyewear Shop Master.php delete_product sql injection

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as critical. Affected by this vulnerability is the function delete_product of the file /classes/Master.php?f=delete_product. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-online_eyewear_shop_projectoretnom23SourceCodester
Product-online_eyewear_shopOnline Eyewear Shoponline_eyewear_shop
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-9973
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 41.00%
||
7 Day CHG~0.00%
Published-15 Oct, 2024 | 09:31
Updated-15 Oct, 2024 | 19:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Eyewear Shop Report Viewing Page page sql injection

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=reports of the component Report Viewing Page. The manipulation of the argument date leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-online_eyewear_shopOnline Eyewear Shoponline_eyewear_shop
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-1563
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.30% / 53.17%
||
7 Day CHG~0.00%
Published-22 Mar, 2023 | 12:31
Updated-20 Feb, 2025 | 21:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Student Study Center Desk Management System assign.php sql injection

A vulnerability has been found in SourceCodester Student Study Center Desk Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/assign/assign.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223555.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-student_study_center_desk_management_systemStudent Study Center Desk Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-9808
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 24.56%
||
7 Day CHG~0.00%
Published-10 Oct, 2024 | 19:31
Updated-15 Oct, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Eyewear Shop sql injection

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=products/view_product. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-online_eyewear_shop_projectoretnom23SourceCodester
Product-online_eyewear_shopOnline Eyewear Shoponline_eyewear_shop
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-0173
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.14% / 34.01%
||
7 Day CHG+0.04%
Published-02 Jan, 2025 | 17:31
Updated-10 Feb, 2025 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Eyewear Shop view_order.php sql injection

A vulnerability was found in SourceCodester Online Eyewear Shop 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /orders/view_order.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-online_eyewear_shopOnline Eyewear Shop
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2024-3465
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 16.57%
||
7 Day CHG~0.00%
Published-08 Apr, 2024 | 20:31
Updated-17 Jan, 2025 | 14:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Laundry Management System Transaki.php laporan_filter sql injection

A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been classified as critical. Affected is the function laporan_filter of the file /application/controller/Transaki.php. The manipulation of the argument dari/sampai leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-259746 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-laundry_shop_management_systemLaundry Management Systemlaundry_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3464
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 16.57%
||
7 Day CHG~0.00%
Published-08 Apr, 2024 | 20:00
Updated-17 Jan, 2025 | 13:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Laundry Management System Pelanggan.php laporan_filter sql injection

A vulnerability was found in SourceCodester Laundry Management System 1.0 and classified as critical. This issue affects the function laporan_filter of the file /application/controller/Pelanggan.php. The manipulation of the argument jeniskelamin leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259745 was assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-laundry_shop_management_systemLaundry Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-1793
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.30% / 53.17%
||
7 Day CHG~0.00%
Published-02 Apr, 2023 | 07:31
Updated-02 Aug, 2024 | 05:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Police Crime Record Management System GET Parameter assigncase.php sql injection

A vulnerability was found in SourceCodester Police Crime Record Management System 1.0. It has been classified as critical. This affects an unknown part of the file /officer/assigncase.php of the component GET Parameter Handler. The manipulation of the argument caseid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-224745 was assigned to this vulnerability.

Action-Not Available
Vendor-police_crime_record_management_system_projectSourceCodester
Product-police_crime_record_management_systemPolice Crime Record Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-1770
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.30% / 53.17%
||
7 Day CHG~0.00%
Published-31 Mar, 2023 | 11:00
Updated-02 Aug, 2024 | 05:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Grade Point Average GPA Calculator Master.php get_scale sql injection

A vulnerability has been found in SourceCodester Grade Point Average GPA Calculator 1.0 and classified as critical. Affected by this vulnerability is the function get_scale of the file Master.php. The manipulation of the argument perc leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-224671.

Action-Not Available
Vendor-grade_point_average_\(gpa\)_calculator_projectSourceCodester
Product-grade_point_average_\(gpa\)_calculatorGrade Point Average GPA Calculator
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-1038
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.31% / 53.91%
||
7 Day CHG~0.00%
Published-26 Feb, 2023 | 11:51
Updated-02 Aug, 2024 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Reviewer Management System questions-view.php sql injection

A vulnerability classified as critical has been found in SourceCodester Online Reviewer Management System 1.0. Affected is an unknown function of the file /reviewer_0/admins/assessments/pretest/questions-view.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221796.

Action-Not Available
Vendor-online_reviewer_management_system_projectSourceCodester
Product-online_reviewer_management_systemOnline Reviewer Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-1151
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.34% / 56.78%
||
7 Day CHG~0.00%
Published-02 Mar, 2023 | 06:31
Updated-02 Aug, 2024 | 05:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Electronic Medical Records System Cookie administrator.php sql injection

A vulnerability was found in SourceCodester Electronic Medical Records System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file administrator.php of the component Cookie Handler. The manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-222163.

Action-Not Available
Vendor-electronic_medical_records_system_projectSourceCodester
Product-electronic_medical_records_systemElectronic Medical Records System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3424
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.11% / 29.46%
||
7 Day CHG~0.00%
Published-07 Apr, 2024 | 15:31
Updated-17 Jan, 2025 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Courseware listscore.php sql injection

A vulnerability classified as critical has been found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file admin/listscore.php. The manipulation of the argument title leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259596.

Action-Not Available
Vendor-argieSourceCodester
Product-online_coursewareOnline Coursewareonline_courseware
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-3419
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-6.3||MEDIUM
EPSS-0.05% / 16.57%
||
7 Day CHG~0.00%
Published-07 Apr, 2024 | 10:00
Updated-17 Jan, 2025 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Courseware edit.php sql injection

A vulnerability has been found in SourceCodester Online Courseware 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin/edit.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259591.

Action-Not Available
Vendor-argieSourceCodester
Product-online_coursewareOnline Courseware
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • ...
  • 5
  • 6
  • 7
  • ...
  • 84
  • 85
  • Next
Details not found