CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1599 – SourceCodester Best Church Management Software profile_crud.php path traversal
https://notcve.org/view.php?id=CVE-2025-1599
24 Feb 2025 — A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/app/profile_crud.php. The manipulation of the argument old_cat_img leads to path traversal: '../filedir'. • https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/best-church-management-software-Delete-any-file.md • CWE-23: Relative Path Traversal CWE-24: Path Traversal: '../filedir' •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1598 – SourceCodester Best Church Management Software asset_crud.php unrestricted upload
https://notcve.org/view.php?id=CVE-2025-1598
23 Feb 2025 — A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/asset_crud.php. The manipulation of the argument photo1 leads to unrestricted upload. The attack can be launched remotely. • https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/best-church-management-software-Arbitrary-File-Upload.md • CWE-284: Improper Access Control CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1597 – SourceCodester Best Church Management Software redirect.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-1597
23 Feb 2025 — A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/redirect.php. The manipulation of the argument a leads to cross site scripting. It is possible to launch the attack remotely. • https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/best-church-management-software-xss.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1596 – SourceCodester Best Church Management Software fpassword.php sql injection
https://notcve.org/view.php?id=CVE-2025-1596
23 Feb 2025 — A vulnerability was found in SourceCodester Best Church Management Software 1.0 and classified as critical. This issue affects some unknown processing of the file /fpassword.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/best-church-management-software-sql.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1593 – SourceCodester Best Employee Management System Profile Picture unrestricted upload
https://notcve.org/view.php?id=CVE-2025-1593
23 Feb 2025 — A vulnerability classified as critical has been found in SourceCodester Best Employee Management System 1.0. This affects an unknown part of the file /_hr_soft/assets/uploadImage/Profile/ of the component Profile Picture Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. Es wurde eine Schwachstelle in SourceCodester Best Employee Management System 1.0 entdeckt. • https://vuldb.com/?ctiid.296577 • CWE-284: Improper Access Control CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1592 – SourceCodester Best Employee Management System Add Role Page Role.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-1592
23 Feb 2025 — A vulnerability was found in SourceCodester Best Employee Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/Operations/Role.php of the component Add Role Page. The manipulation of the argument assign_name/description leads to cross site scripting. The attack may be launched remotely. • https://vuldb.com/?ctiid.296576 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1591 – SourceCodester Employee Management System Department Page department.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-1591
23 Feb 2025 — A vulnerability was found in SourceCodester Employee Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /department.php of the component Department Page. The manipulation of the argument Department Name leads to cross site scripting. The attack can be launched remotely. • https://vuldb.com/?ctiid.296575 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1590 – SourceCodester E-Learning System List of Lessons Page index.php unrestricted upload
https://notcve.org/view.php?id=CVE-2025-1590
23 Feb 2025 — A vulnerability was found in SourceCodester E-Learning System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/modules/lesson/index.php of the component List of Lessons Page. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. • https://vuldb.com/?ctiid.296574 • CWE-284: Improper Access Control CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1589 – SourceCodester E-Learning System User Registration register.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-1589
23 Feb 2025 — A vulnerability was found in SourceCodester E-Learning System 1.0 and classified as problematic. This issue affects some unknown processing of the file /register.php of the component User Registration Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. Eine problematische Schwachstelle wurde in SourceCodester E-Learning System 1.0 gefunden. • https://vuldb.com/?ctiid.296573 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1587 – SourceCodester Telecom Billing Management System Add New Record main.cpp addrecords buffer overflow
https://notcve.org/view.php?id=CVE-2025-1587
23 Feb 2025 — A vulnerability was found in SourceCodester Telecom Billing Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file main.cpp of the component Add New Record. The manipulation of the argument name leads to buffer overflow. Local access is required to approach this attack. • https://github.com/wshRE/CVE/issues/1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •