Filtered by vendor Sourcecodester
Total 460 CVE
CVE | Vendors | Products | Updated | CVSS v3.1
CVE-2025-13267 | Vendors (3): Dental Clinic Appointment Reservation System Project, Jkev, Sourcecodester | Products (3): Dental Clinic Appointment Reservation System, Dental Clinic Appointment Reservation System, Dental Clinic Appointment Reservation System | 2025-11-20 | 6.3 Medium
A vulnerability was detected in SourceCodester Dental Clinic Appointment Reservation System 1.0. Impacted is an unknown function of the file /success.php. Performing manipulation of the argument username/password results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used.
CVE-2025-63708 | Vendors (2): Remyandrade, Sourcecodester | Products (2): Ai Font Matcher, Ai Font Matcher | 2025-11-20 | 6.1 Medium
Cross-Site Scripting (XSS) vulnerability exists in SourceCodester AI Font Matcher (nid=18425, 2025-10-10) that allows remote attackers to execute arbitrary JavaScript in victims' browsers. The vulnerability occurs in the webfonts API handling mechanism where font family names are not properly sanitized. An attacker can intercept fetch requests to the webfonts endpoint and inject malicious JavaScript payloads through font family names, resulting in session cookie theft, account hijacking, and unauthorized actions performed on behalf of authenticated users. The vulnerability can be exploited by injecting a fetch hook that returns controlled font data containing malicious scripts.
CVE-2025-13343 | Vendors (2): Janobe, Sourcecodester | Products (2): Interview Management System, Interview Management System | 2025-11-20 | 3.5 Low
A security flaw has been discovered in SourceCodester Interview Management System 1.0. Affected is an unknown function of the file /editQuestion.php. The manipulation of the argument Question results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.
CVE-2025-13349 | Vendors (2): Remyandrade, Sourcecodester | Products (2): Student Grades Management System, Student Grades Management System | 2025-11-20 | 3.5 Low
A vulnerability has been found in SourceCodester Student Grades Management System 1.0. This issue affects some unknown processing of the file /grades.php of the component Add New Grade Page. The manipulation of the argument Remarks leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
CVE-2025-13347 | Vendors (2): Oretnom23, Sourcecodester | Products (2): Train Station Ticketing System, Train Station Ticketing System | 2025-11-19 | 6.3 Medium
A flaw has been found in SourceCodester Train Station Ticketing System 1.0. This vulnerability affects unknown code of the file /ajax.php?action=save_user. Executing manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.
CVE-2025-13200 | Vendors (2): Janobe, Sourcecodester | Products (2): Farm Management System, Farm Management System | 2025-11-19 | 5.3 Medium
A vulnerability was determined in SourceCodester Farm Management System 1.0. Affected by this vulnerability is an unknown functionality. This manipulation causes exposure of information through directory listing. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2025-63891 | Vendors (2): Oretnom23, Sourcecodester | Products (2): Simple Online Book Store System, Simple Online Book Store System | 2025-11-19 | 7.5 High
Information Disclosure in web-accessible backup file in SourceCodester Simple Online Book Store System allows a remote unauthenticated attacker to disclose full database contents (including schema and credential hashes) via an unauthenticated HTTP GET request to /obs/database/obs_db.sql.
CVE-2025-13263 | Vendors (2): Oretnom23, Sourcecodester | Products (2): Online Magazine Management System, Online Magazine Management System | 2025-11-19 | 6.3 Medium
A vulnerability was identified in SourceCodester Online Magazine Management System 1.0. Affected by this issue is some unknown functionality of the file /categories.php. The manipulation of the argument c leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
CVE-2025-13264 | Vendors (2): Oretnom23, Sourcecodester | Products (2): Online Magazine Management System, Online Magazine Management System | 2025-11-19 | 6.3 Medium
A security flaw has been discovered in SourceCodester Online Magazine Management System 1.0. This affects an unknown part of the file /view_magazine.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be exploited.
CVE-2025-13344 | Vendors (2): Oretnom23, Sourcecodester | Products (2): Train Station Ticketing System, Train Station Ticketing System | 2025-11-19 | 7.3 High
A weakness has been identified in SourceCodester Train Station Ticketing System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=login. This manipulation of the argument Username causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
CVE-2025-12853 | Vendors (2): Mayurik, Sourcecodester | Products (2): Best House Rental Management System, Best House Rental Management System | 2025-11-18 | 4.7 Medium
A vulnerability was determined in SourceCodester Best House Rental Management System 1.0. This affects the function delete_house of the file /admin_class.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
CVE-2025-63713 | Vendors (2): Remyandrade, Sourcecodester | Products (2): Matching Type Test, Matchmaster | 2025-11-18 | 6.1 Medium
Cross-Site Scripting (XSS) vulnerability in SourceCodester "MatchMaster" 1.0 allows remote attackers to inject arbitrary web script or HTML via crafted input in the custom test creation feature. The vulnerability exists because the application fails to properly sanitize user-supplied input in test titles and matching pair items before rendering them in the DOM during test execution.
CVE-2025-12926 | Vendors (2): Janobe, Sourcecodester | Products (2): Farm Management System, Farm Management System | 2025-11-18 | 6.3 Medium
A weakness has been identified in SourceCodester Farm Management System 1.0. The affected element is an unknown function of the file /review.php. This manipulation of the argument pid causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.
CVE-2025-12929 | Vendors (2): Oretnom23, Sourcecodester | Products (2): Survey Application System, Survey Application System | 2025-11-18 | 7.3 High
A flaw has been found in SourceCodester Survey Application System 1.0. This impacts the function save_user/update_user of the file /LoginRegistration.php. Executing manipulation of the argument fullname can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. Other parameters might be affected as well.
CVE-2025-12930 | Vendors (2): Janobe, Sourcecodester | Products (2): Food Ordering System, Food Ordering Management System | 2025-11-18 | 6.3 Medium
A vulnerability has been found in SourceCodester Food Ordering System 1.0. Affected is an unknown function of the file /view-ticket.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-12931 | Vendors (2): Janobe, Sourcecodester | Products (2): Food Ordering System, Food Ordering Management System | 2025-11-18 | 6.3 Medium
A vulnerability was found in SourceCodester Food Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/edit-orders.php. The manipulation of the argument ID results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.
CVE-2025-63712 | Vendors (2): Senior-walter, Sourcecodester | Products (2): Web-based Pharmacy Product Management System, Product Expiry Management System | 2025-11-18 | 4.5 Medium
Cross-Site Request Forgery (CSRF) in SourceCodester Product Expiry Management System. The User Management module (delete-user.php) allows remote attackers to delete arbitrary user accounts via forged cross-origin GET requests because the endpoint relies solely on session cookies and lacks CSRF protection.
CVE-2025-10081 | Vendors (2): Mayurik, Sourcecodester | Products (2): Pet Grooming Management Software, Pet Management System | 2025-11-17 | 4.7 Medium
A flaw has been found in SourceCodester Pet Management System 1.0. This impacts an unknown function of the file /admin/profile.php. This manipulation of the argument website_image causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used.
CVE-2025-10085 | Vendors (2): Mayurik, Sourcecodester | Products (2): Pet Grooming Management Software, Pet Grooming Management Software | 2025-11-17 | 6.3 Medium
A security flaw has been discovered in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file manage_website.php. The manipulation results in unrestricted upload. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited.
CVE-2025-10083 | Vendors (2): Mayurik, Sourcecodester | Products (2): Pet Grooming Management Software, Pet Grooming Management Software | 2025-11-17 | 6.3 Medium
A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/profile.php. Executing manipulation can lead to unrestricted upload. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.