Filtered by vendor Sourcecodester
Total: 556 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-49984 | 2 Oretnom23, Sourcecodester | 2 School Fees Management System, School Fees Management System | 2025-04-16 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the component /management/settings of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter. | ||||
| CVE-2024-31545 | 2 Oretnom23, Sourcecodester | 2 Computer Laboratory Management System, Computer Laboratory Management System | 2025-04-14 | 9.4 Critical |
| Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/?page=user/manage_user&id=6. | ||||
| CVE-2024-31546 | 2 Oretnom23, Sourcecodester | 2 Computer Laboratory Management System, Computer Laboratory Management System | 2025-04-14 | 9.8 Critical |
| Computer Laboratory Management System v1.0 is vulnerable to SQL Injection via the "id" parameter of /admin/damage/view_damage.php. | ||||
| CVE-2024-35581 | 2 Oretnom23, Sourcecodester | 2 Computer Laboratory Management System, Laboratory Management System | 2025-04-11 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Borrower Name input field. | ||||
| CVE-2024-35582 | 2 Oretnom23, Sourcecodester | 2 Computer Laboratory Management System, Laboratory Management System | 2025-04-11 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Department input field. | ||||
| CVE-2024-35583 | 2 Oretnom23, Sourcecodester | 2 Computer Laboratory Management System, Laboratory Management System | 2025-04-11 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Remarks input field. | ||||
| CVE-2024-35468 | 2 Oretnom23, Sourcecodester | 2 Human Resource Management System, Human Resource Management System | 2025-04-11 | 5.4 Medium |
| A SQL injection vulnerability in /hrm/index.php in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary SQL commands via the password parameter. | ||||
| CVE-2024-35469 | 2 Oretnom23, Sourcecodester | 2 Human Resource Management System, Human Resource Management System | 2025-04-11 | 9.8 Critical |
| A SQL injection vulnerability in /hrm/user/ in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary SQL commands via the password parameter. | ||||
| CVE-2024-36568 | 2 Mayurik, Sourcecodester | 2 Gas Agency Management System, Gas Agency Management System | 2025-04-11 | 9.8 Critical |
| Sourcecodester Gas Agency Management System v1.0 is vulnerable to SQL Injection via /gasmark/editbrand.php?id=. | ||||
| CVE-2024-36569 | 2 Mayurik, Sourcecodester | 2 Gas Agency Management System, Gas Agency Management System | 2025-04-11 | 8.1 High |
| Sourcecodester Gas Agency Management System v1.0 is vulnerable to arbitrary code execution via editClientImage.php. | ||||
| CVE-2024-31586 | 2 Oretnom23, Sourcecodester | 2 Computer Laboratory Management System, Computer Laboratory Management System | 2025-04-11 | 6.1 Medium |
| A Cross Site Scripting (XSS) vulnerability exists in Computer Laboratory Management System version 1.0. This vulnerability allows a remote attacker to execute arbitrary code via the Borrower Name, Department, and Remarks parameters. | ||||
| CVE-2024-2604 | 1 Sourcecodester | 1 File Management App | 2025-04-10 | 6.3 Medium |
| A vulnerability was found in SourceCodester File Manager App 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/update-file.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257182 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-23019 | 2 Oretnom23, Sourcecodester | 2 Blog Site, Blog Site | 2025-04-04 | 5.4 Medium |
| Cross site scripting (XSS) vulnerability in file main.php in sourcecodester oretnom23 Blog Site 1.0 via the name and email parameters to function user_add. | ||||
| CVE-2024-31065 | 2 Munyweki, Sourcecodester | 2 Insurance Management System, Insurance Management System | 2025-04-03 | 6.1 Medium |
| Cross Site Scripting vulnerability in Insurance Management System v.1.0.0 and before allows a remote attacker to execute arbitrary code via the City input field. | ||||
| CVE-2024-29301 | 2 Mayurik, Sourcecodester | 2 Php Task Management System, Php Task Management System | 2025-04-01 | 7.5 High |
| SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection via update-admin.php?admin_id= | ||||
| CVE-2024-29302 | 2 Mayurik, Sourcecodester | 2 Php Task Management System, Php Task Management System | 2025-04-01 | 7.5 High |
| SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection via update-employee.php. | ||||
| CVE-2023-49974 | 2 Oretnom23, Sourcecodester | 2 Customer Support System, Customer Support System | 2025-03-28 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contact parameter at /customer_support/index.php?page=customer_list. | ||||
| CVE-2023-51281 | 2 Oretnom23, Sourcecodester | 2 Customer Support System, Customer Support System | 2025-03-28 | 5.4 Medium |
| Cross Site Scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to escalate privileges via a crafted script in the "firstname", "lastname", "middlename", "contact" and "address" parameters. | ||||
| CVE-2024-27747 | 2 Mayurik, Sourcecodester | 2 Petrol Pump Management, Petrol Pump Management | 2025-03-28 | 9.8 Critical |
| File Upload vulnerability in Petrol Pump Management Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email Image parameter in the profile.php component. | ||||
| CVE-2023-49545 | 2 Oretnom23, Sourcecodester | 2 Customer Support System, Customer Support System | 2025-03-28 | 7.5 High |
| A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authorization. | ||||