CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2387 – SourceCodester Online Food Ordering System ajax.php sql injection
https://notcve.org/view.php?id=CVE-2025-2387
17 Mar 2025 — A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file /admin/ajax.php?action=add_to_cart. The manipulation of the argument pid leads to sql injection. • https://github.com/aionman/cve/issues/9 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2377 – SourceCodester Vehicle Management System confirmbooking.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-2377
17 Mar 2025 — A vulnerability was found in SourceCodester Vehicle Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /confirmbooking.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Keyand/Multi-Restaurant-Table-Reservation-System-Search/blob/main/Vehicle%20Management%20System%20confirmbooking.php%20has%20Cross-site%20Scripting%20(XSS).pdf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2046 – SourceCodester Best Employee Management System print1.php sql injection
https://notcve.org/view.php?id=CVE-2025-2046
06 Mar 2025 — A vulnerability was found in SourceCodester Best Employee Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/print1.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Hefei-Coffee/cve/issues/2 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1961 – SourceCodester Best Church Management Software web_crud.php sql injection
https://notcve.org/view.php?id=CVE-2025-1961
04 Mar 2025 — A vulnerability has been found in SourceCodester Best Church Management Software 1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/web_crud.php. The manipulation of the argument encryption leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Yesec/Best-church-management-software/blob/main/web_crud.php_SQLi.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1905 – SourceCodester Employee Management System employee.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-1905
04 Mar 2025 — A vulnerability, which was classified as problematic, was found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file employee.php. The manipulation of the argument Full Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/sorcha-l/cve/blob/main/Employee%20Management%20System%20by%20rems%20has%20xss.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1607 – SourceCodester Best Employee Management System salary_slip.php authorization
https://notcve.org/view.php?id=CVE-2025-1607
24 Feb 2025 — A vulnerability, which was classified as problematic, has been found in SourceCodester Best Employee Management System 1.0. This issue affects some unknown processing of the file /admin/salary_slip.php. The manipulation of the argument id leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Best-employee-management-system-unauthorized-access.md • CWE-285: Improper Authorization CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1606 – SourceCodester Best Employee Management System backups.php information disclosure
https://notcve.org/view.php?id=CVE-2025-1606
24 Feb 2025 — A vulnerability classified as problematic was found in SourceCodester Best Employee Management System 1.0. This vulnerability affects unknown code of the file /admin/backup/backups.php. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Best-employee-management-system-information-leakage.md • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1599 – SourceCodester Best Church Management Software profile_crud.php path traversal
https://notcve.org/view.php?id=CVE-2025-1599
24 Feb 2025 — A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/app/profile_crud.php. The manipulation of the argument old_cat_img leads to path traversal: '../filedir'. • https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/best-church-management-software-Delete-any-file.md • CWE-23: Relative Path Traversal CWE-24: Path Traversal: '../filedir' •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1598 – SourceCodester Best Church Management Software asset_crud.php unrestricted upload
https://notcve.org/view.php?id=CVE-2025-1598
23 Feb 2025 — A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/asset_crud.php. The manipulation of the argument photo1 leads to unrestricted upload. The attack can be launched remotely. • https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/best-church-management-software-Arbitrary-File-Upload.md • CWE-284: Improper Access Control CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1597 – SourceCodester Best Church Management Software redirect.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-1597
23 Feb 2025 — A vulnerability was found in SourceCodester Best Church Management Software 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/redirect.php. The manipulation of the argument a leads to cross site scripting. It is possible to launch the attack remotely. • https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/best-church-management-software-xss.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •