
CVE-2025-1169 – SourceCodester Image Compressor Tool compressor.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-1169
11 Feb 2025 — A vulnerability was found in SourceCodester Image Compressor Tool 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /image-compressor/compressor.php. The manipulation of the argument image leads to cross site scripting. The attack may be initiated remotely. • https://vuldb.com/?ctiid.295073 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-1168 – SourceCodester Contact Manager with Export to VCF delete-contact.php sql injection
https://notcve.org/view.php?id=CVE-2025-1168
11 Feb 2025 — A vulnerability was found in SourceCodester Contact Manager with Export to VCF 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/delete-contact.php. The manipulation of the argument contact leads to sql injection. The attack can be initiated remotely. • https://vuldb.com/?ctiid.295072 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2025-1166 – SourceCodester Food Menu Manager update.php unrestricted upload
https://notcve.org/view.php?id=CVE-2025-1166
11 Feb 2025 — A vulnerability has been found in SourceCodester Food Menu Manager 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file endpoint/update.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://gist.github.com/jmx0hxq/0ce2c97ca11b2423a203b5719438c9f8 • CWE-284: Improper Access Control • CWE-434: Unrestricted Upload of File with Dangerous Type

CVE-2025-1160 – SourceCodester Employee Management System index.php default credentials
https://notcve.org/view.php?id=CVE-2025-1160
10 Feb 2025 — A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument username/password leads to use of default credentials. The attack may be launched remotely. • https://gist.github.com/jmx0hxq/0e9cde14b6e9190a7451cd72d7b23bfd • CWE-1392: Use of Default Credentials

CVE-2025-0802 – SourceCodester Best Employee Management System Administrative Endpoint View_user.php access control
https://notcve.org/view.php?id=CVE-2025-0802
29 Jan 2025 — A vulnerability classified as critical was found in SourceCodester Best Employee Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/View_user.php of the component Administrative Endpoint. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/theanm0l/VulnDB/blob/main/Improper%20Authorization.md • CWE-266: Incorrect Privilege Assignment • CWE-284: Improper Access Control

CVE-2025-0800 – SourceCodester Online Courseware Edit Teacher saveeditt.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-0800
29 Jan 2025 — A vulnerability classified as problematic has been found in SourceCodester Online Courseware 1.0. Affected is an unknown function of the file /pcci/admin/saveeditt.php of the component Edit Teacher. The manipulation of the argument fname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?ctiid.293922 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-0464 – SourceCodester Task Reminder System Maintenance Section cross site scripting
https://notcve.org/view.php?id=CVE-2025-0464
14 Jan 2025 — A vulnerability was found in SourceCodester Task Reminder System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Maintenance Section. The manipulation of the argument System Name leads to cross site scripting. The attack can be launched remotely. • https://vuldb.com/?ctiid.291481 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2025-0294 – SourceCodester Home Clean Services Management System process.php sql injection
https://notcve.org/view.php?id=CVE-2025-0294
07 Jan 2025 — A vulnerability has been found in SourceCodester Home Clean Services Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /public_html/admin/process.php. The manipulation of the argument type/length/business leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/xiaosguang/cve/blob/main/Home%20Clean%20Services%20Management/Home%20Clean%20Services%20Management%20System%20process.php%20id%20SQL%20injection.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2025-0173 – SourceCodester Online Eyewear Shop view_order.php sql injection
https://notcve.org/view.php?id=CVE-2025-0173
02 Jan 2025 — A vulnerability was found in SourceCodester Online Eyewear Shop 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /orders/view_order.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/listlonely/cve/blob/main/sql.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-13069 – SourceCodester Multi Role Login System add-user.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-13069
31 Dec 2024 — A vulnerability was found in SourceCodester Multi Role Login System 1.0. It has been classified as problematic. Affected is an unknown function of the file /endpoint/add-user.php. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. • https://github.com/shaturo1337/POCs/blob/main/Stored%20XSS%20Vulnerability%20in%20Multi%20Role%20Login%20System.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')