Filtered by vendor Sourcecodester
Total: 346 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2025-10076 | 2 Razormist, Sourcecodester | 2 Online Polling System, Online Polling System | 2025-09-09 | 7.3 High |
A weakness has been identified in SourceCodester Online Polling System 1.0. This affects an unknown function of the file /manage-profile.php. Manipulation of the argument email causes SQL injection. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. | ||||
CVE-2025-10075 | 2 Razormist, Sourcecodester | 2 Online Polling System, Online Polling System | 2025-09-09 | 3.5 Low |
A security flaw has been discovered in SourceCodester Online Polling System 1.0. The impacted element is an unknown function of the file /manage-profile.php. The manipulation of the argument firstname results in cross-site scripting. The attack can be launched remotely. The exploit has been released to the public and may be exploited. | ||||
CVE-2025-10083 | 2 Mayuri K, Sourcecodester | 2 Pet Grooming Management Software, Pet Grooming Management Software | 2025-09-08 | 6.3 Medium |
A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/profile.php. Manipulation can lead to unrestricted upload. The attack may be performed remotely. The exploit has been publicly disclosed and may be utilized. | ||||
CVE-2025-10085 | 2 Mayuri K, Sourcecodester | 2 Pet Grooming Management Software, Pet Grooming Management Software | 2025-09-08 | 6.3 Medium |
A security flaw has been discovered in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file manage_website.php. The manipulation results in unrestricted upload. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. | ||||
CVE-2025-10087 | 2 Mayuri K, Sourcecodester | 2 Pet Grooming Management Software, Pet Grooming Management Software | 2025-09-08 | 4.7 Medium |
A security vulnerability has been detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/profit_report.php. Manipulation of the argument product_id leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | ||||
CVE-2025-10088 | 2 Rems, Sourcecodester | 2 Personal Time Tracker, Time Tracker | 2025-09-08 | 3.5 Low |
A vulnerability was detected in SourceCodester Time Tracker 1.0. The affected element is an unknown function of the file /index.html. Manipulation of the argument project-name results in cross-site scripting. The attack may be initiated remotely. The exploit is now public and may be used. | ||||
CVE-2025-56608 | 3 Donbermoy, Google, Sourcecodester | 3 Android Corona Virus Tracker App For India, Android, Corona Virus Tracker App India | 2025-09-08 | 4.2 Medium |
The SourceCodester Android application "Corona Virus Tracker App India" 1.0 uses MD5 for digest authentication in `OkHttpClientWrapper.java`. The `handleDigest()` function employs `MessageDigest.getInstance("MD5")` to hash credentials. MD5 is a broken cryptographic algorithm known to allow hash collisions. This makes the authentication mechanism vulnerable to replay, spoofing, or brute-force attacks, potentially leading to unauthorized access. The vulnerability corresponds to CWE-327 and aligns with OWASP M5: Insufficient Cryptography and MASVS MSTG-CRYPTO-4. | ||||
CVE-2025-9699 | 2 Razormist, Sourcecodester | 2 Online Polling System, Online Polling System | 2025-09-08 | 7.3 High |
A vulnerability was detected in SourceCodester Online Polling System Code 1.0. This vulnerability affects unknown code of the file /admin/checklogin.php. The manipulation of the argument myusername results in SQL injection. The attack may be performed from a remote location. The exploit is now public and may be used. | ||||
CVE-2025-9700 | 2 Janobe, Sourcecodester | 2 Online Book Store, Online Book Store | 2025-09-08 | 7.3 High |
A flaw has been found in SourceCodester Online Book Store 1.0. This issue affects some unknown processing of the file /publisher_list.php. Manipulation of the argument pubid causes SQL injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. | ||||
CVE-2025-9701 | 2 Oretnom23, Sourcecodester | 2 Simple Cafe Billing System, Simple Cafe Billing System | 2025-09-08 | 7.3 High |
A vulnerability was determined in SourceCodester Simple Cafe Billing System 1.0. The impacted element is an unknown function of the file /receipt.php. Manipulation of the argument ID can lead to SQL injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. | ||||
CVE-2025-9702 | 2 Oretnom23, Sourcecodester | 2 Simple Cafe Billing System, Simple Cafe Billing System | 2025-09-08 | 7.3 High |
A vulnerability was identified in SourceCodester Simple Cafe Billing System 1.0. This affects an unknown function of the file /sales_report.php. The manipulation of the argument month leads to SQL injection. The attack may be initiated remotely. The exploit is publicly available and might be used. | ||||
CVE-2025-9704 | 2 Janobe, Sourcecodester | 2 Water Billing System, Water Billing System | 2025-09-08 | 7.3 High |
A security flaw has been discovered in SourceCodester Water Billing System 1.0. This impacts an unknown function of the file /viewbill.php. The manipulation of the argument ID results in SQL injection. The attack may be launched remotely. The exploit has been released to the public and may be exploited. | ||||
CVE-2025-9705 | 2 Janobe, Sourcecodester | 2 Water Billing System, Water Billing System | 2025-09-08 | 7.3 High |
A weakness has been identified in SourceCodester Water Billing System 1.0. Affected is an unknown function of the file /paybill.php. Manipulation of the argument ID causes SQL injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited. | ||||
CVE-2025-9706 | 2 Janobe, Sourcecodester | 2 Water Billing System, Water Billing System | 2025-09-08 | 7.3 High |
A security vulnerability has been detected in SourceCodester Water Billing System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit.php. Manipulation of the argument ID leads to SQL injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. | ||||
CVE-2025-9757 | 2 Campcodes, Sourcecodester | 2 Courier Management System, Courier Management System | 2025-09-08 | 7.3 High |
A vulnerability was determined in Campcodes/SourceCodester Courier Management System 1.0. Affected is the function Login of the file /ajax.php. Manipulation of the argument email causes SQL injection. The attack can be carried out remotely. The exploit has been publicly disclosed and may be utilized. | ||||
CVE-2025-9759 | 2 Campcodes, Sourcecodester | 2 Courier Management System, Courier Management System | 2025-09-08 | 7.3 High |
A security flaw has been discovered in Campcodes/SourceCodester Courier Management System 1.0. Affected by this issue is the function Signup of the file /ajax.php. Manipulation of the argument lastname results in SQL injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited. | ||||
CVE-2025-9832 | 2 Oretnom23, Sourcecodester | 2 Food Ordering Management System, Food Ordering Management System | 2025-09-05 | 7.3 High |
A security vulnerability has been detected in SourceCodester Food Ordering Management System 1.0. Affected is an unknown function of the file /routers/register-router.php. Manipulation of the argument phone leads to SQL injection. The attack may be performed remotely. The exploit has been disclosed publicly and may be used. | ||||
CVE-2025-9833 | 2 Donbermoy, Sourcecodester | 2 Online Farm Management System, Online Farm Management System | 2025-09-05 | 7.3 High |
A vulnerability was detected in SourceCodester Online Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /Login/login.php. Manipulation of the argument uname results in SQL injection. It is possible to initiate the attack remotely. The exploit is now public and may be used. | ||||
CVE-2025-57425 | 2 Remyandrade, Sourcecodester | 2 Faq Management System, Faq Management System | 2025-09-04 | 6.1 Medium |
A Stored Cross-Site Scripting (XSS) vulnerability in SourceCodester FAQ Management System 1.0 allows an authenticated attacker to inject malicious JavaScript into the 'question' and 'answer' fields via the update-faq.php endpoint. | ||||
CVE-2025-9771 | 2 Neville, Sourcecodester | 2 Eye Clinic Management System, Eye Clinic Management System | 2025-09-03 | 7.3 High |
A security vulnerability has been detected in SourceCodester Eye Clinic Management System 1.0. Affected by this issue is some unknown functionality of the file /main/search_index_Diagnosis.php. Manipulation of the argument Search leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. |