CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-6355 – SourceCodester Online Hotel Reservation System execeditroom.php sql injection
https://notcve.org/view.php?id=CVE-2025-6355
20 Jun 2025 — A vulnerability has been found in SourceCodester Online Hotel Reservation System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/execeditroom.php. The manipulation of the argument userid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/rom4j/cve/issues/15 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-6346 – SourceCodester Advance Charity Management System fundDetails.php sql injection
https://notcve.org/view.php?id=CVE-2025-6346
20 Jun 2025 — A vulnerability was found in SourceCodester Advance Charity Management System 1.0. It has been classified as critical. This affects an unknown part of the file /members/fundDetails.php. The manipulation of the argument m06 leads to sql injection. It is possible to initiate the attack remotely. • https://gist.github.com/0xCaptainFahim/86a679533ca293c98be5ab91b76b213f • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2025-6345 – SourceCodester My Food Recipe Add Recipe Page add-recipe.php addRecipeModal cross site scripting
https://notcve.org/view.php?id=CVE-2025-6345
20 Jun 2025 — A vulnerability was found in SourceCodester My Food Recipe 1.0 and classified as problematic. Affected by this issue is the function addRecipeModal of the file /endpoint/add-recipe.php of the component Add Recipe Page. The manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/RaulPazemecxas/PoCVulDb/blob/main/README4.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-6161 – SourceCodester Simple Food Ordering System editproduct.php unrestricted upload
https://notcve.org/view.php?id=CVE-2025-6161
17 Jun 2025 — A vulnerability, which was classified as critical, was found in SourceCodester Simple Food Ordering System 1.0. Affected is an unknown function of the file /editproduct.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/kakalalaww/CVE/issues/17 • CWE-284: Improper Access Control CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-6160 – SourceCodester Client Database Management System user_customer_create_order.php sql injection
https://notcve.org/view.php?id=CVE-2025-6160
17 Jun 2025 — A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /user_customer_create_order.php. The manipulation of the argument user_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/yitianweiming/cve/issues/1 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-5984 – SourceCodester Online Student Clearance System add-fee.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-5984
10 Jun 2025 — A vulnerability has been found in SourceCodester Online Student Clearance System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Admin/add-fee.php. The manipulation of the argument txtamt leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.311899 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-5840 – SourceCodester Client Database Management System user_update_customer_order.php unrestricted upload
https://notcve.org/view.php?id=CVE-2025-5840
07 Jun 2025 — A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_update_customer_order.php. The manipulation of the argument uploaded_file leads to unrestricted upload. It is possible to initiate the attack remotely. Se encontró una vulnerabilidad clasificada como crítica en SourceCodester Client Database Management System 1.0. • https://github.com/haxerr9/CVE-2025-5840 • CWE-284: Improper Access Control CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-5758 – SourceCodester Open Source Clinic Management System doctor.php sql injection
https://notcve.org/view.php?id=CVE-2025-5758
06 Jun 2025 — A vulnerability classified as critical has been found in SourceCodester Open Source Clinic Management System 1.0. This affects an unknown part of the file /doctor.php. The manipulation of the argument doctorname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/mysq13/CVE/issues/6 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2025-5755 – SourceCodester Open Source Clinic Management System email_config.php sql injection
https://notcve.org/view.php?id=CVE-2025-5755
06 Jun 2025 — A vulnerability was found in SourceCodester Open Source Clinic Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /email_config.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. • https://github.com/cyberajju/cve-2025-5755 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-5728 – SourceCodester Open Source Clinic Management System manage_website.php unrestricted upload
https://notcve.org/view.php?id=CVE-2025-5728
06 Jun 2025 — A vulnerability classified as critical was found in SourceCodester Open Source Clinic Management System 1.0. This vulnerability affects unknown code of the file /manage_website.php. The manipulation of the argument website_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.311248 • CWE-284: Improper Access Control CWE-434: Unrestricted Upload of File with Dangerous Type •