Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-5098

Summary
Assigner-VulDB
Assigner Org ID-1af790b2-7ee1-4545-860a-a788eba489b5
Published At-19 May, 2024 | 06:00
Updated At-01 Aug, 2024 | 21:03
Rejected At-
Credits

SourceCodester Simple Inventory System login.php sql injection

A vulnerability has been found in SourceCodester Simple Inventory System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument username leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-265081 was assigned to this vulnerability.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:VulDB
Assigner Org ID:1af790b2-7ee1-4545-860a-a788eba489b5
Published At:19 May, 2024 | 06:00
Updated At:01 Aug, 2024 | 21:03
Rejected At:
▼CVE Numbering Authority (CNA)
SourceCodester Simple Inventory System login.php sql injection

A vulnerability has been found in SourceCodester Simple Inventory System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument username leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-265081 was assigned to this vulnerability.

Affected Products
Vendor
SourceCodesterSourceCodester
Product
Simple Inventory System
Versions
Affected
  • 1.0
Problem Types
TypeCWE IDDescription
CWECWE-89CWE-89 SQL Injection
Type: CWE
CWE ID: CWE-89
Description: CWE-89 SQL Injection
Metrics
VersionBase scoreBase severityVector
4.05.1MEDIUM
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
3.15.5MEDIUM
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
3.05.5MEDIUM
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
2.05.2N/A
AV:A/AC:L/Au:S/C:P/I:P/A:P
Version: 4.0
Base score: 5.1
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Version: 3.0
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Version: 2.0
Base score: 5.2
Base severity: N/A
Vector:
AV:A/AC:L/Au:S/C:P/I:P/A:P
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
reporter
rocker (VulDB User)
Timeline
EventDate
Advisory disclosed2024-05-18 00:00:00
VulDB entry created2024-05-18 02:00:00
VulDB entry last update2024-05-18 16:38:45
Event: Advisory disclosed
Date: 2024-05-18 00:00:00
Event: VulDB entry created
Date: 2024-05-18 02:00:00
Event: VulDB entry last update
Date: 2024-05-18 16:38:45
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.265081
vdb-entry
technical-description
https://vuldb.com/?ctiid.265081
signature
permissions-required
https://vuldb.com/?submit.337056
third-party-advisory
https://github.com/rockersiyuan/CVE/blob/main/SourceCodester%20Simple%20Inventory%20System%20Sql%20Inject-1.md
exploit
Hyperlink: https://vuldb.com/?id.265081
Resource:
vdb-entry
technical-description
Hyperlink: https://vuldb.com/?ctiid.265081
Resource:
signature
permissions-required
Hyperlink: https://vuldb.com/?submit.337056
Resource:
third-party-advisory
Hyperlink: https://github.com/rockersiyuan/CVE/blob/main/SourceCodester%20Simple%20Inventory%20System%20Sql%20Inject-1.md
Resource:
exploit
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
argiesimple_inventory_system_project
Product
simple_inventory_system
CPEs
  • cpe:2.3:a:simple_inventory_system_project:simple_inventory_system:1.0:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 1.0
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://vuldb.com/?id.265081
vdb-entry
technical-description
x_transferred
https://vuldb.com/?ctiid.265081
signature
permissions-required
x_transferred
https://vuldb.com/?submit.337056
third-party-advisory
x_transferred
https://github.com/rockersiyuan/CVE/blob/main/SourceCodester%20Simple%20Inventory%20System%20Sql%20Inject-1.md
exploit
x_transferred
Hyperlink: https://vuldb.com/?id.265081
Resource:
vdb-entry
technical-description
x_transferred
Hyperlink: https://vuldb.com/?ctiid.265081
Resource:
signature
permissions-required
x_transferred
Hyperlink: https://vuldb.com/?submit.337056
Resource:
third-party-advisory
x_transferred
Hyperlink: https://github.com/rockersiyuan/CVE/blob/main/SourceCodester%20Simple%20Inventory%20System%20Sql%20Inject-1.md
Resource:
exploit
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cna@vuldb.com
Published At:19 May, 2024 | 06:15
Updated At:10 Feb, 2025 | 14:28

A vulnerability has been found in SourceCodester Simple Inventory System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument username leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-265081 was assigned to this vulnerability.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.05.1MEDIUM
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.15.5MEDIUM
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Secondary2.05.2MEDIUM
AV:A/AC:L/Au:S/C:P/I:P/A:P
Type: Secondary
Version: 4.0
Base score: 5.1
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Secondary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Type: Secondary
Version: 2.0
Base score: 5.2
Base severity: MEDIUM
Vector:
AV:A/AC:L/Au:S/C:P/I:P/A:P
CPE Matches
argie
argie
>>simple_inventory_system>>1.0
cpe:2.3:a:argie:simple_inventory_system:1.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-89Secondarycna@vuldb.com
CWE ID: CWE-89
Type: Secondary
Source: cna@vuldb.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/rockersiyuan/CVE/blob/main/SourceCodester%20Simple%20Inventory%20System%20Sql%20Inject-1.mdcna@vuldb.com
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.265081cna@vuldb.com
Permissions Required
VDB Entry
https://vuldb.com/?id.265081cna@vuldb.com
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.337056cna@vuldb.com
Third Party Advisory
VDB Entry
https://github.com/rockersiyuan/CVE/blob/main/SourceCodester%20Simple%20Inventory%20System%20Sql%20Inject-1.mdaf854a3a-2127-422b-91ae-364da2661108
Exploit
Third Party Advisory
https://vuldb.com/?ctiid.265081af854a3a-2127-422b-91ae-364da2661108
Permissions Required
VDB Entry
https://vuldb.com/?id.265081af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.337056af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
Hyperlink: https://github.com/rockersiyuan/CVE/blob/main/SourceCodester%20Simple%20Inventory%20System%20Sql%20Inject-1.md
Source: cna@vuldb.com
Resource:
Exploit
Third Party Advisory
Hyperlink: https://vuldb.com/?ctiid.265081
Source: cna@vuldb.com
Resource:
Permissions Required
VDB Entry
Hyperlink: https://vuldb.com/?id.265081
Source: cna@vuldb.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://vuldb.com/?submit.337056
Source: cna@vuldb.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://github.com/rockersiyuan/CVE/blob/main/SourceCodester%20Simple%20Inventory%20System%20Sql%20Inject-1.md
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Third Party Advisory
Hyperlink: https://vuldb.com/?ctiid.265081
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Permissions Required
VDB Entry
Hyperlink: https://vuldb.com/?id.265081
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://vuldb.com/?submit.337056
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry

Change History

0
Information is not available yet

Similar CVEs

1302Records found
CVE-2024-3466
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 17.21%
||
7 Day CHG~0.00%
Published-08 Apr, 2024 | 21:00
Updated-16 Jan, 2025 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Laundry Management System Pengeluaran.php laporan_filter sql injection

A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been declared as critical. Affected by this vulnerability is the function laporan_filter of the file /application/controller/Pengeluaran.php. The manipulation of the argument dari/sampai leads to sql injection. The associated identifier of this vulnerability is VDB-259747.

Action-Not Available
Vendor-laundry_management_system_projectoretnom23SourceCodester
Product-laundry_shop_management_systemLaundry Management Systemlaundry_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-6898
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.31%
||
7 Day CHG~0.00%
Published-17 Dec, 2023 | 10:31
Updated-07 May, 2025 | 20:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Best Courier Management System manage_user.php sql injection

A vulnerability classified as critical has been found in SourceCodester Best Courier Management System 1.0. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248256.

Action-Not Available
Vendor-SourceCodestermayuri_k
Product-best_courier_management_systemBest Courier Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-6657
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.79%
||
7 Day CHG~0.00%
Published-10 Dec, 2023 | 21:00
Updated-02 Aug, 2024 | 08:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Student Attendance System student_form.php sql injection

A vulnerability classified as critical has been found in SourceCodester Simple Student Attendance System 1.0. This affects an unknown part of the file /modals/student_form.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-247365 was assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-simple_student_attendance_systemSimple Student Attendance System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-6617
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.06% / 17.21%
||
7 Day CHG~0.00%
Published-08 Dec, 2023 | 17:00
Updated-28 Aug, 2024 | 14:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Student Attendance System attendance.php sql injection

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been classified as critical. Affected is an unknown function of the file attendance.php. The manipulation of the argument class_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-247254 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-simple_student_attendance_systemSimple Student Attendance System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-1736
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 8.51%
||
7 Day CHG~0.00%
Published-30 Mar, 2023 | 19:31
Updated-02 Aug, 2024 | 05:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Young Entrepreneur E-Negosyo System sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Young Entrepreneur E-Negosyo System 1.0. Affected by this issue is some unknown functionality of the file cart/controller.php?action=add. The manipulation of the argument PROID leads to sql injection. The identifier of this vulnerability is VDB-224624.

Action-Not Available
Vendor-young_entrepreneur_e-negosyo_system_projectSourceCodester
Product-young_entrepreneur_e-negosyo_systemYoung Entrepreneur E-Negosyo System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-6658
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.79%
||
7 Day CHG~0.00%
Published-10 Dec, 2023 | 23:00
Updated-21 Nov, 2024 | 14:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Student Attendance System sql injection

A vulnerability classified as critical was found in SourceCodester Simple Student Attendance System 1.0. This vulnerability affects unknown code of the file ajax-api.php?action=save_attendance. The manipulation of the argument class_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-247366 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-simple_student_attendance_systemSimple Student Attendance System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-6771
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.15% / 36.27%
||
7 Day CHG~0.00%
Published-13 Dec, 2023 | 18:31
Updated-28 Aug, 2024 | 14:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Student Attendance System actions.class.php save_attendance sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Simple Student Attendance System 1.0. This issue affects the function save_attendance of the file actions.class.php. The manipulation of the argument sid leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247907.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-simple_student_attendance_systemSimple Student Attendance System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-0516
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.38% / 58.66%
||
7 Day CHG~0.00%
Published-26 Jan, 2023 | 16:58
Updated-02 Aug, 2024 | 05:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Tours & Travels Management System Parameter forget_password.php sql injection

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been classified as critical. Affected is an unknown function of the file user/forget_password.php of the component Parameter Handler. The manipulation of the argument email leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-219336.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-online_tours_\&_travels_management_systemOnline Tours & Travels Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-6765
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 32.57%
||
7 Day CHG~0.00%
Published-13 Dec, 2023 | 17:31
Updated-02 Aug, 2024 | 08:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Tours & Travels Management System email_setup.php prepare sql injection

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. This issue affects the function prepare of the file email_setup.php. The manipulation of the argument name leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247895.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-online_tours_\&_travels_management_systemOnline Tours & Travels Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-6619
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.31%
||
7 Day CHG~0.00%
Published-08 Dec, 2023 | 17:31
Updated-02 Aug, 2024 | 08:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Student Attendance System class_form.php sql injection

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /modals/class_form.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247256.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-simple_student_attendance_systemSimple Student Attendance System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-0707
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.13% / 32.36%
||
7 Day CHG~0.00%
Published-07 Feb, 2023 | 12:32
Updated-02 Aug, 2024 | 05:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Medical Certificate Generator App function.php delete_record sql injection

A vulnerability was found in SourceCodester Medical Certificate Generator App 1.0. It has been rated as critical. Affected by this issue is the function delete_record of the file function.php. The manipulation of the argument id leads to sql injection. VDB-220346 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-medical_certificate_generator_app_projectSourceCodester
Product-medical_certificate_generator_appMedical Certificate Generator App
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-1057
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 20.16%
||
7 Day CHG~0.00%
Published-27 Feb, 2023 | 11:08
Updated-02 Aug, 2024 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Doctors Appointment System login.php edoc sql injection

A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been rated as critical. Affected by this issue is the function edoc of the file login.php. The manipulation of the argument usermail leads to sql injection. VDB-221822 is the identifier assigned to this vulnerability.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-doctors_appointment_systemDoctors Appointment System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-0515
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.38% / 58.66%
||
7 Day CHG~0.00%
Published-26 Jan, 2023 | 16:58
Updated-02 Aug, 2024 | 05:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Tours & Travels Management System Parameter forget_password.php sql injection

A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This issue affects some unknown processing of the file admin/forget_password.php of the component Parameter Handler. The manipulation of the argument email leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-219335.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-online_tours_\&_travels_management_systemOnline Tours & Travels Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-5269
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.05% / 15.98%
||
7 Day CHG~0.00%
Published-29 Sep, 2023 | 15:31
Updated-06 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Best Courier Management System GET Parameter parcel_list.php sql injection

A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been classified as critical. Affected is an unknown function of the file parcel_list.php of the component GET Parameter Handler. The manipulation of the argument id/s leads to sql injection. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-mayuri_kSourceCodester
Product-best_courier_management_systemBest Courier Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-5271
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.98%
||
7 Day CHG~0.00%
Published-29 Sep, 2023 | 16:00
Updated-30 Sep, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Best Courier Management System edit_parcel.php sql injection

A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file edit_parcel.php. The manipulation of the argument email leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240884.

Action-Not Available
Vendor-SourceCodestermayuri_k
Product-best_courier_management_systemBest Courier Management Systembest_courier_management_system
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-5272
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.98%
||
7 Day CHG~0.00%
Published-29 Sep, 2023 | 16:31
Updated-30 Sep, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Best Courier Management System GET Parameter edit_parcel.php sql injection

A vulnerability classified as critical has been found in SourceCodester Best Courier Management System 1.0. This affects an unknown part of the file edit_parcel.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-240885 was assigned to this vulnerability.

Action-Not Available
Vendor-SourceCodestermayuri_k
Product-best_courier_management_systemBest Courier Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-5270
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 15.98%
||
7 Day CHG~0.00%
Published-29 Sep, 2023 | 16:00
Updated-30 Sep, 2025 | 13:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Best Courier Management System view_parcel.php sql injection

A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file view_parcel.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240883.

Action-Not Available
Vendor-SourceCodestermayuri_k
Product-best_courier_management_systemBest Courier Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-2708
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.24% / 47.44%
||
7 Day CHG~0.00%
Published-08 Aug, 2022 | 12:50
Updated-15 Apr, 2025 | 13:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Gym Management System login.php sql injection

A vulnerability, which was classified as critical, was found in SourceCodester Gym Management System. This affects an unknown part of the file login.php. The manipulation of the argument user_login with the input 123@xx.com' OR (SELECT 9084 FROM(SELECT COUNT(*),CONCAT(0x7178767871,(SELECT (ELT(9084=9084,1))),0x71767a6271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- dPvW leads to sql injection. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-205833 was assigned to this vulnerability.

Action-Not Available
Vendor-Adrian MercurioSourceCodester
Product-gym_management_systemGym Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2022-2644
Matching Score-10
Assigner-VulDB
ShareView Details
Matching Score-10
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.26% / 49.42%
||
7 Day CHG~0.00%
Published-04 Aug, 2022 | 08:40
Updated-15 Apr, 2025 | 14:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Admission System GET Parameter sql injection

A vulnerability was found in SourceCodester Online Admission System and classified as critical. This issue affects some unknown processing of the component GET Parameter Handler. The manipulation of the argument eid leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-205565 was assigned to this vulnerability.

Action-Not Available
Vendor-online_admission_system_projectSourceCodester
Product-online_admission_systemOnline Admission System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-5649
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.05% / 14.31%
||
7 Day CHG~0.00%
Published-05 Jun, 2025 | 09:00
Updated-10 Jun, 2025 | 15:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Student Result Management System Register Interface new_user access control

A vulnerability classified as critical has been found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /admin/core/new_user of the component Register Interface. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-razormistSourceCodester
Product-student_result_management_systemStudent Result Management System
CWE ID-CWE-266
Incorrect Privilege Assignment
CWE ID-CWE-284
Improper Access Control
CVE-2023-6618
Matching Score-8
Assigner-VulDB
ShareView Details
Matching Score-8
Assigner-VulDB
CVSS Score-5.5||MEDIUM
EPSS-0.08% / 22.55%
||
7 Day CHG~0.00%
Published-08 Dec, 2023 | 17:00
Updated-27 May, 2025 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Student Attendance System index.php file inclusion

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247255.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-simple_student_attendance_systemSimple Student Attendance System
CWE ID-CWE-73
External Control of File Name or Path
CWE ID-CWE-610
Externally Controlled Reference to a Resource in Another Sphere
CVE-2025-2046
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 30.23%
||
7 Day CHG~0.00%
Published-06 Mar, 2025 | 22:00
Updated-29 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Best Employee Management System print1.php sql injection

A vulnerability was found in SourceCodester Best Employee Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/print1.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-SourceCodestermayuri_k
Product-best_employee_management_systemBest Employee Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-1961
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 17.13%
||
7 Day CHG~0.00%
Published-04 Mar, 2025 | 23:00
Updated-29 Apr, 2025 | 16:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Best Church Management Software web_crud.php sql injection

A vulnerability has been found in SourceCodester Best Church Management Software 1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/web_crud.php. The manipulation of the argument encryption leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Action-Not Available
Vendor-SourceCodestermayuri_k
Product-best_church_management_softwareBest Church Management Software
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-13451
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 11.39%
||
7 Day CHG~0.00%
Published-20 Nov, 2025 | 03:02
Updated-21 Nov, 2025 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Shop Project action.php sql injection

A vulnerability was identified in SourceCodester Online Shop Project 1.0. The affected element is an unknown function of the file /action.php. Such manipulation of the argument Search leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-online_shop_projectOnline Shop Project
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-12930
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 10.98%
||
7 Day CHG~0.00%
Published-10 Nov, 2025 | 04:02
Updated-18 Nov, 2025 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Food Ordering System view-ticket.php sql injection

A vulnerability has been found in SourceCodester Food Ordering System 1.0. Affected is an unknown function of the file /view-ticket.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-SourceCodesterjanobe
Product-food_ordering_systemFood Ordering System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-13122
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 11.89%
||
7 Day CHG~0.00%
Published-13 Nov, 2025 | 18:02
Updated-17 Nov, 2025 | 12:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Patients Waiting Area Queue Management System api_patient_checkin.php getPatientAppointment sql injection

A vulnerability was detected in SourceCodester Patients Waiting Area Queue Management System 1.0. The affected element is the function getPatientAppointment of the file /php/api_patient_checkin.php. Performing manipulation of the argument appointmentID results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.

Action-Not Available
Vendor-pamzeySourceCodester
Product-patients_waiting_area_queue_management_systemPatients Waiting Area Queue Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-13248
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 11.39%
||
7 Day CHG~0.00%
Published-16 Nov, 2025 | 11:02
Updated-11 Dec, 2025 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Patients Waiting Area Queue Management System api_patient_schedule.php sql injection

A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. The impacted element is an unknown function of the file /php/api_patient_schedule.php. This manipulation of the argument appointmentID causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.

Action-Not Available
Vendor-pamzeySourceCodester
Product-patients_waiting_area_queue_management_systemPatients Waiting Area Queue Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-13346
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 10.33%
||
7 Day CHG~0.00%
Published-18 Nov, 2025 | 12:32
Updated-19 Nov, 2025 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Train Station Ticketing System ajax.php sql injection

A vulnerability was detected in SourceCodester Train Station Ticketing System 1.0. This affects an unknown part of the file /ajax.php?action=save_station. Performing manipulation of the argument id/station results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-train_station_ticketing_systemTrain Station Ticketing System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-12939
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 10.98%
||
7 Day CHG~0.00%
Published-10 Nov, 2025 | 13:02
Updated-17 Nov, 2025 | 12:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Interview Management System addCandidate.php sql injection

A security flaw has been discovered in SourceCodester Interview Management System up to 1.0. Affected by this issue is some unknown functionality of the file /addCandidate.php. The manipulation of the argument candName results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be exploited.

Action-Not Available
Vendor-SourceCodesterjanobe
Product-interview_management_systemInterview Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-13347
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 10.33%
||
7 Day CHG~0.00%
Published-18 Nov, 2025 | 13:02
Updated-19 Nov, 2025 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Train Station Ticketing System ajax.php sql injection

A flaw has been found in SourceCodester Train Station Ticketing System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=save_user. Executing manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-train_station_ticketing_systemTrain Station Ticketing System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-13060
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 11.39%
||
7 Day CHG~0.00%
Published-12 Nov, 2025 | 20:02
Updated-17 Nov, 2025 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Survey Application System view_survey.php sql injection

A security vulnerability has been detected in SourceCodester Survey Application System 1.0. This affects an unknown function of the file /view_survey.php. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-survey_application_systemSurvey Application System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-12598
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 10.15%
||
7 Day CHG~0.00%
Published-02 Nov, 2025 | 12:02
Updated-05 Nov, 2025 | 16:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Best House Rental Management System admin_class.php save_tenant sql injection

A flaw has been found in SourceCodester Best House Rental Management System 1.0. Affected by this issue is the function save_tenant of the file /admin_class.php. Executing manipulation of the argument firstname can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used. Other parameters might be affected as well.

Action-Not Available
Vendor-SourceCodestermayuri_k
Product-best_house_rental_management_systemBest House Rental Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-12614
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 10.15%
||
7 Day CHG~0.00%
Published-03 Nov, 2025 | 03:02
Updated-05 Nov, 2025 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Best House Rental Management System admin_class.php delete_payment sql injection

A weakness has been identified in SourceCodester Best House Rental Management System 1.0. Impacted is the function delete_payment of the file /admin_class.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited.

Action-Not Available
Vendor-SourceCodestermayuri_k
Product-best_house_rental_management_systemBest House Rental Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-13263
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 10.98%
||
7 Day CHG~0.00%
Published-17 Nov, 2025 | 04:32
Updated-19 Nov, 2025 | 13:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Online Magazine Management System categories.php sql injection

A vulnerability was identified in SourceCodester Online Magazine Management System 1.0. Affected by this issue is some unknown functionality of the file /categories.php. The manipulation of the argument c leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-online_magazine_management_systemOnline Magazine Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-12929
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 11.39%
||
7 Day CHG~0.00%
Published-10 Nov, 2025 | 03:32
Updated-18 Nov, 2025 | 18:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Survey Application System LoginRegistration.php update_user sql injection

A flaw has been found in SourceCodester Survey Application System 1.0. This impacts the function save_user/update_user of the file /LoginRegistration.php. Executing manipulation of the argument fullname can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. Other parameters might be affected as well.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-survey_application_systemSurvey Application System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-12933
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 10.98%
||
7 Day CHG~0.00%
Published-10 Nov, 2025 | 05:32
Updated-17 Nov, 2025 | 12:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Baby Care System updatewelcome.php sql injection

A vulnerability was identified in SourceCodester Baby Care System 1.0. This affects an unknown part of the file /updatewelcome.php?id=siteoptions&action=welcome. Such manipulation of the argument roleid leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.

Action-Not Available
Vendor-SourceCodesterjanobe
Product-baby_care_systemBaby Care System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-12597
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 10.15%
||
7 Day CHG~0.00%
Published-02 Nov, 2025 | 11:32
Updated-05 Nov, 2025 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Best House Rental Management System admin_class.php save_category sql injection

A vulnerability was detected in SourceCodester Best House Rental Management System 1.0. Affected by this vulnerability is the function save_category of the file /admin_class.php. Performing manipulation of the argument Name results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used.

Action-Not Available
Vendor-SourceCodestermayuri_k
Product-best_house_rental_management_systemBest House Rental Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-12853
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 10.15%
||
7 Day CHG~0.00%
Published-07 Nov, 2025 | 12:32
Updated-18 Nov, 2025 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Best House Rental Management System admin_class.php delete_house sql injection

A vulnerability was determined in SourceCodester Best House Rental Management System 1.0. This affects the function delete_house of the file /admin_class.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.

Action-Not Available
Vendor-SourceCodestermayuri_k
Product-best_house_rental_management_systemBest House Rental Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-12931
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 10.98%
||
7 Day CHG~0.00%
Published-10 Nov, 2025 | 04:32
Updated-18 Nov, 2025 | 17:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Food Ordering System edit-orders.php sql injection

A vulnerability was found in SourceCodester Food Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/edit-orders.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.

Action-Not Available
Vendor-SourceCodesterjanobe
Product-food_ordering_systemFood Ordering System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-13345
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 10.98%
||
7 Day CHG~0.00%
Published-18 Nov, 2025 | 12:02
Updated-19 Nov, 2025 | 13:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Train Station Ticketing System ajax.php sql injection

A security vulnerability has been detected in SourceCodester Train Station Ticketing System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=save_ticket. Such manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-train_station_ticketing_systemTrain Station Ticketing System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-4184
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-7.3||HIGH
EPSS-0.04% / 13.44%
||
7 Day CHG~0.00%
Published-06 Aug, 2023 | 11:31
Updated-02 Aug, 2024 | 07:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Inventory Management System sell_return.php sql injection

A vulnerability was found in SourceCodester Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file sell_return.php. The manipulation of the argument pid leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-236219.

Action-Not Available
Vendor-inventory_management_system_projectSourceCodester
Product-inventory_management_systemInventory Management System
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-13344
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 11.39%
||
7 Day CHG~0.00%
Published-18 Nov, 2025 | 12:02
Updated-19 Nov, 2025 | 13:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Train Station Ticketing System ajax.php sql injection

A weakness has been identified in SourceCodester Train Station Ticketing System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=login. This manipulation of the argument Username causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.

Action-Not Available
Vendor-SourceCodesteroretnom23
Product-train_station_ticketing_systemTrain Station Ticketing System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-11662
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.05% / 15.37%
||
7 Day CHG+0.01%
Published-13 Oct, 2025 | 05:02
Updated-17 Oct, 2025 | 13:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Best Salon Management System booking.php sql injection

A security flaw has been discovered in SourceCodester Best Salon Management System 1.0. Impacted is an unknown function of the file /booking.php. The manipulation of the argument serv_id results in sql injection. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.

Action-Not Available
Vendor-SourceCodestermayuri_k
Product-best_salon_management_systemBest Salon Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-12293
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 11.39%
||
7 Day CHG~0.00%
Published-27 Oct, 2025 | 16:02
Updated-03 Nov, 2025 | 16:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Point of Sales category.php sql injection

A vulnerability was identified in SourceCodester Point of Sales 1.0. This issue affects some unknown processing of the file /category.php. Such manipulation of the argument Category leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.

Action-Not Available
Vendor-janobeSourceCodester
Product-point_of_salesPoint of Sales
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-1192
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 30.25%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 11:00
Updated-18 Feb, 2025 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Multi Restaurant Table Reservation System select-menu.php sql injection

A vulnerability was found in SourceCodester Multi Restaurant Table Reservation System 1.0. It has been classified as critical. Affected is an unknown function of the file select-menu.php. The manipulation of the argument table leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-SourceCodesterjanobe
Product-multi_restaurant_table_reservation_systemMulti Restaurant Table Reservation System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-12208
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.04% / 11.39%
||
7 Day CHG~0.00%
Published-27 Oct, 2025 | 03:02
Updated-28 Oct, 2025 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Best House Rental Management System admin_class.php login2 sql injection

A vulnerability was found in SourceCodester Best House Rental Management System 1.0. This impacts the function login2 of the file /admin_class.php. Performing manipulation of the argument Username results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.

Action-Not Available
Vendor-SourceCodestermayuri_k
Product-best_house_rental_management_systemBest House Rental Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-11615
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.05% / 15.37%
||
7 Day CHG+0.01%
Published-11 Oct, 2025 | 21:32
Updated-20 Oct, 2025 | 17:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Best Salon Management System add_invoice.php sql injection

A security flaw has been discovered in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /panel/add_invoice.php. Performing manipulation of the argument ServiceId results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.

Action-Not Available
Vendor-SourceCodestermayuri_k
Product-best_salon_management_systemBest Salon Management System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-1199
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 22.12%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 13:00
Updated-18 Feb, 2025 | 18:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Best Church Management Software role_crud.php sql injection

A vulnerability was found in SourceCodester Best Church Management Software 1.1. It has been classified as critical. This affects an unknown part of the file /admin/app/role_crud.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-SourceCodestermayuri_k
Product-best_church_management_softwareBest Church Management Software
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-11610
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 14.88%
||
7 Day CHG+0.01%
Published-11 Oct, 2025 | 18:02
Updated-20 Oct, 2025 | 17:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Simple Inventory System brand.php sql injection

A security flaw has been discovered in SourceCodester Simple Inventory System 1.0. This issue affects some unknown processing of the file /brand.php. The manipulation of the argument editBrandName results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be exploited.

Action-Not Available
Vendor-CodeAstroSourceCodester
Product-simple_inventory_systemSimple Inventory System
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2025-1201
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 22.12%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 14:00
Updated-18 Feb, 2025 | 18:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Best Church Management Software profile_crud.php sql injection

A vulnerability was found in SourceCodester Best Church Management Software 1.1. It has been rated as critical. This issue affects some unknown processing of the file /admin/app/profile_crud.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Multiple parameters might be affected.

Action-Not Available
Vendor-SourceCodestermayuri_k
Product-best_church_management_softwareBest Church Management Software
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 26
  • 27
  • Next
Details not found