Filtered by vendor Sourcecodester
Subscriptions
Total
731 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-30521 | 2 Oretnom23, Sourcecodester | 2 Loan Management System, Loan Management System | 2026-04-03 | 6.5 Medium |
| A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific interest rates. While the frontend interface prevents users from entering negative numbers, this constraint is not enforced on the backend. An authenticated attacker can bypass the client-side restriction by manipulating the HTTP POST request to submit a negative value for the interest_percentage. This results in the creation of loan plans with negative interest rates. | ||||
| CVE-2026-30563 | 2 Ahsanriaz26gmailcom, Sourcecodester | 2 Sales And Inventory System, Sales And Inventory System | 2026-04-03 | 6.1 Medium |
| A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the update_details.php file. The application fails to sanitize the "website" parameter provided in a POST request. This allows authenticated attackers to inject arbitrary web script or HTML that is stored in the database and executed whenever the store details page is accessed. | ||||
| CVE-2026-30564 | 2 Ahsanriaz26gmailcom, Sourcecodester | 2 Sales And Inventory System, Sales And Inventory System | 2026-04-03 | 6.1 Medium |
| A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the view_payments.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2026-30562 | 2 Ahsanriaz26gmailcom, Sourcecodester | 2 Sales And Inventory System, Sales And Inventory System | 2026-04-02 | 9.3 Critical |
| A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the add_stock.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2026-30565 | 2 Ahsanriaz26gmailcom, Sourcecodester | 2 Sales And Inventory System, Sales And Inventory System | 2026-04-02 | 6.1 Medium |
| A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the view_supplier.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2026-30566 | 2 Ahsanriaz26gmailcom, Sourcecodester | 2 Sales And Inventory System, Sales And Inventory System | 2026-04-02 | 6.1 Medium |
| A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the view_customers.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2026-30556 | 2 Ahsanriaz26gmailcom, Sourcecodester | 2 Sales And Inventory System, Sales And Inventory System | 2026-04-02 | 6.1 Medium |
| A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0. The vulnerability is located in the index.php file via the "msg" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2026-30575 | 2 Senior-walter, Sourcecodester | 2 Web-based Pharmacy Product Management System, Pharmacy Product Management System | 2026-03-31 | 7.5 High |
| A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtqty" parameter during stock entry, allowing negative values to be processed. This causes the system to decrease the inventory level instead of increasing it, leading to inventory corruption and potential Denial of Service by depleting stock records. | ||||
| CVE-2026-30574 | 2 Senior-walter, Sourcecodester | 2 Web-based Pharmacy Product Management System, Pharmacy Product Management System | 2026-03-31 | 7.5 High |
| A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-sales.php file. The application fails to verify if the requested sales quantity (txtqty) exceeds the available stock level. An attacker can manipulate the request to purchase a quantity that is significantly higher than the actual available stock. | ||||
| CVE-2026-30576 | 2 Senior-walter, Sourcecodester | 2 Web-based Pharmacy Product Management System, Pharmacy Product Management System | 2026-03-31 | 7.5 High |
| A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0 in the add-stock.php file. The application fails to validate the "txtprice" and "txttotalcost" parameters during stock entry, allowing negative financial values to be submitted. This leads to corruption of financial records, allowing attackers to manipulate inventory asset values and procurement costs. | ||||
| CVE-2026-30532 | 2 Oretnom23, Sourcecodester | 2 Online Food Ordering System, Online Food Ordering System | 2026-03-30 | 9.8 Critical |
| A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/view_product.php file via the "id" parameter. | ||||
| CVE-2026-30533 | 2 Oretnom23, Sourcecodester | 2 Online Food Ordering System, Online Food Ordering System | 2026-03-30 | 9.8 Critical |
| A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/manage_product.php file via the "id" parameter. | ||||
| CVE-2026-30534 | 2 Oretnom23, Sourcecodester | 2 Online Food Ordering System, Online Food Ordering System | 2026-03-30 | 8.3 High |
| A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in admin/manage_category.php via the "id" parameter. | ||||
| CVE-2026-30529 | 2 Oretnom23, Sourcecodester | 2 Online Food Ordering System, Online Food Ordering System | 2026-03-30 | 8.8 High |
| A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_user action). The application fails to properly sanitize user input supplied to the "username" parameter. This allows an authenticated attacker to inject malicious SQL commands. | ||||
| CVE-2026-30530 | 2 Oretnom23, Sourcecodester | 2 Online Food Ordering System, Online Food Ordering System | 2026-03-30 | 9.8 Critical |
| A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_customer action). The application fails to properly sanitize user input supplied to the "username" parameter. This allows an attacker to inject malicious SQL commands. | ||||
| CVE-2026-30531 | 2 Oretnom23, Sourcecodester | 2 Online Food Ordering System, Online Food Ordering System | 2026-03-30 | 8.8 High |
| A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_category action). The application fails to properly sanitize user input supplied to the "name" parameter. This allows an authenticated attacker to inject malicious SQL commands. | ||||
| CVE-2026-30568 | 2 Ahsanriaz26gmailcom, Sourcecodester | 2 Inventory System, Inventory System | 2026-03-30 | 4.8 Medium |
| A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Sales and Inventory System 1.0 in in the view_purchase.php file via the "limit" parameter. The application fails to sanitize the input, allowing remote attackers to inject arbitrary web script or HTML via a crafted URL. | ||||
| CVE-2026-3980 | 2 Sourcecodester, Unguardable | 2 Doctor Appointment System, Online Doctor Appointment System | 2026-03-20 | 7.3 High |
| A vulnerability has been found in itsourcecode Online Doctor Appointment System 1.0. This impacts an unknown function of the file /admin/patient_action.php. Such manipulation of the argument patient_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-3981 | 2 Sourcecodester, Unguardable | 2 Doctor Appointment System, Online Doctor Appointment System | 2026-03-20 | 7.3 High |
| A vulnerability was found in itsourcecode Online Doctor Appointment System 1.0. Affected is an unknown function of the file /admin/doctor_action.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used. | ||||
| CVE-2024-8342 | 2 Nelzkie15, Sourcecodester | 2 Pet Shop Management System, Petshop Management System | 2026-02-24 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in SourceCodester Petshop Management System 1.0. This issue affects some unknown processing of the file /controllers/add_client.php. The manipulation of the argument image_profile leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||