CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1596 – SourceCodester Best Church Management Software fpassword.php sql injection
https://notcve.org/view.php?id=CVE-2025-1596
23 Feb 2025 — A vulnerability was found in SourceCodester Best Church Management Software 1.0 and classified as critical. This issue affects some unknown processing of the file /fpassword.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/best-church-management-software-sql.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1593 – SourceCodester Best Employee Management System Profile Picture unrestricted upload
https://notcve.org/view.php?id=CVE-2025-1593
23 Feb 2025 — A vulnerability classified as critical has been found in SourceCodester Best Employee Management System 1.0. This affects an unknown part of the file /_hr_soft/assets/uploadImage/Profile/ of the component Profile Picture Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. Es wurde eine Schwachstelle in SourceCodester Best Employee Management System 1.0 entdeckt. • https://vuldb.com/?ctiid.296577 • CWE-284: Improper Access Control CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1592 – SourceCodester Best Employee Management System Add Role Page Role.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-1592
23 Feb 2025 — A vulnerability was found in SourceCodester Best Employee Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/Operations/Role.php of the component Add Role Page. The manipulation of the argument assign_name/description leads to cross site scripting. The attack may be launched remotely. • https://vuldb.com/?ctiid.296576 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1591 – SourceCodester Employee Management System Department Page department.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-1591
23 Feb 2025 — A vulnerability was found in SourceCodester Employee Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /department.php of the component Department Page. The manipulation of the argument Department Name leads to cross site scripting. The attack can be launched remotely. • https://vuldb.com/?ctiid.296575 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1590 – SourceCodester E-Learning System List of Lessons Page index.php unrestricted upload
https://notcve.org/view.php?id=CVE-2025-1590
23 Feb 2025 — A vulnerability was found in SourceCodester E-Learning System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/modules/lesson/index.php of the component List of Lessons Page. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. • https://vuldb.com/?ctiid.296574 • CWE-284: Improper Access Control CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2025-1589 – SourceCodester E-Learning System User Registration register.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-1589
23 Feb 2025 — A vulnerability was found in SourceCodester E-Learning System 1.0 and classified as problematic. This issue affects some unknown processing of the file /register.php of the component User Registration Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. Eine problematische Schwachstelle wurde in SourceCodester E-Learning System 1.0 gefunden. • https://vuldb.com/?ctiid.296573 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1587 – SourceCodester Telecom Billing Management System Add New Record main.cpp addrecords buffer overflow
https://notcve.org/view.php?id=CVE-2025-1587
23 Feb 2025 — A vulnerability was found in SourceCodester Telecom Billing Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file main.cpp of the component Add New Record. The manipulation of the argument name leads to buffer overflow. Local access is required to approach this attack. • https://github.com/wshRE/CVE/issues/1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1202 – SourceCodester Best Church Management Software edit_slider.php sql injection
https://notcve.org/view.php?id=CVE-2025-1202
12 Feb 2025 — A vulnerability classified as critical has been found in SourceCodester Best Church Management Software 1.1. Affected is an unknown function of the file /admin/edit_slider.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Yesec/Best-church-management-software/blob/main/edit_slider.php.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1201 – SourceCodester Best Church Management Software profile_crud.php sql injection
https://notcve.org/view.php?id=CVE-2025-1201
12 Feb 2025 — A vulnerability was found in SourceCodester Best Church Management Software 1.1. It has been rated as critical. This issue affects some unknown processing of the file /admin/app/profile_crud.php. The manipulation leads to sql injection. The attack may be initiated remotely. • https://github.com/Yesec/Best-church-management-software/blob/main/profile_crud.php_SQLi.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1200 – SourceCodester Best Church Management Software slider_crud.php sql injection
https://notcve.org/view.php?id=CVE-2025-1200
12 Feb 2025 — A vulnerability was found in SourceCodester Best Church Management Software 1.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/app/slider_crud.php. The manipulation of the argument del_id leads to sql injection. The attack can be initiated remotely. • https://github.com/Yesec/Best-church-management-software/blob/main/slider_crud.php_SQLi.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •