CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2025-5649 – SourceCodester Student Result Management System Register Interface new_user access control
https://notcve.org/view.php?id=CVE-2025-5649
05 Jun 2025 — A vulnerability classified as critical has been found in SourceCodester Student Result Management System 1.0. This affects an unknown part of the file /admin/core/new_user of the component Register Interface. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Watskip/GeneralResearch/blob/main/Exploits/SRMS/Unauthorized%20privileged%20user%20creation.md • CWE-266: Incorrect Privilege Assignment CWE-284: Improper Access Control •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-5628 – SourceCodester Food Menu Manager Add Menu index.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-5628
05 Jun 2025 — A vulnerability, which was classified as problematic, has been found in SourceCodester Food Menu Manager 1.0. Affected by this issue is some unknown functionality of the file /index.php of the component Add Menu Handler. The manipulation of the argument name/description leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/mysq13/CVE/issues/1 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-5376 – SourceCodester Health Center Patient Record Management System patient.php sql injection
https://notcve.org/view.php?id=CVE-2025-5376
31 May 2025 — A vulnerability was found in SourceCodester Health Center Patient Record Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /patient.php. The manipulation of the argument itr_no leads to sql injection. The attack can be launched remotely. • https://github.com/shanranne/myCVE/issues/5 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-5371 – SourceCodester Health Center Patient Record Management System admin.php sql injection
https://notcve.org/view.php?id=CVE-2025-5371
31 May 2025 — A vulnerability, which was classified as critical, has been found in SourceCodester Health Center Patient Record Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/admin.php. The manipulation of the argument Username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/shanranne/myCVE/issues/4 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-5369 – SourceCodester PHP Display Username After Login login.php sql injection
https://notcve.org/view.php?id=CVE-2025-5369
31 May 2025 — A vulnerability classified as critical has been found in SourceCodester PHP Display Username After Login 1.0. Affected is an unknown function of the file /login.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/shanranne/myCVE/issues/2 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-5299 – SourceCodester Client Database Management System user_order_customer_update.php unrestricted upload
https://notcve.org/view.php?id=CVE-2025-5299
28 May 2025 — A vulnerability was found in SourceCodester Client Database Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /user_order_customer_update.php. The manipulation of the argument uploaded_file_cancelled leads to unrestricted upload. The attack can be initiated remotely. • https://github.com/RS7325/cve/issues/3 • CWE-284: Improper Access Control CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-5297 – SourceCodester Computer Store System main.c Add stack-based overflow
https://notcve.org/view.php?id=CVE-2025-5297
28 May 2025 — A vulnerability, which was classified as critical, has been found in SourceCodester Computer Store System 1.0. This issue affects the function Add of the file main.c. The manipulation of the argument laptopcompany/RAM/Processor leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. • https://github.com/byxs0x0/cve/issues/6 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-5208 – SourceCodester Online Hospital Management System check_availability.php sql injection
https://notcve.org/view.php?id=CVE-2025-5208
26 May 2025 — A vulnerability, which was classified as critical, was found in SourceCodester Online Hospital Management System 1.0. This affects an unknown part of the file /admin/check_availability.php. The manipulation of the argument emailid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/snkercyber/CVE/issues/4 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-5207 – SourceCodester Client Database Management System superadmin_update_profile.php sql injection
https://notcve.org/view.php?id=CVE-2025-5207
26 May 2025 — A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.0. Affected by this issue is some unknown functionality of the file /superadmin_update_profile.php. The manipulation of the argument nickname/email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/RS7325/cve/issues/1 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-5002 – SourceCodester Client Database Management System user_proposal_update_order.php sql injection
https://notcve.org/view.php?id=CVE-2025-5002
20 May 2025 — A vulnerability, which was classified as critical, was found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_proposal_update_order.php. The manipulation of the argument order_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/laifeng-boy/cve/issues/5 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •