CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-4817 – Sourcecodester Doctor's Appointment System GET Parameter delete-appointment.php sql injection
https://notcve.org/view.php?id=CVE-2025-4817
17 May 2025 — A vulnerability was found in Sourcecodester Doctor's Appointment System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/delete-appointment.php of the component GET Parameter Handler. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. • https://github.com/Xiaoyi-ing/CVE/issues/9 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-4816 – SourceCodester Doctor's Appointment System GET Parameter appointment.php sql injection
https://notcve.org/view.php?id=CVE-2025-4816
17 May 2025 — A vulnerability was found in SourceCodester Doctor's Appointment System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/appointment.php of the component GET Parameter Handler. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. • https://github.com/Xiaoyi-ing/CVE/issues/8 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 1CVE-2025-4807 – SourceCodester Online Student Clearance System exposure of information through directory listing
https://notcve.org/view.php?id=CVE-2025-4807
16 May 2025 — A vulnerability, which was classified as problematic, was found in SourceCodester Online Student Clearance System 1.0. This affects an unknown part. The manipulation leads to exposure of information through directory listing. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/laifeng-boy/cve/issues/2 • CWE-548: Exposure of Information Through Directory Listing CWE-552: Files or Directories Accessible to External Parties •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2025-4806 – SourceCodester/oretnom23 Stock Management System view_bo sql injection
https://notcve.org/view.php?id=CVE-2025-4806
16 May 2025 — A vulnerability, which was classified as critical, has been found in SourceCodester/oretnom23 Stock Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/?page=back_order/view_bo. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. • https://github.com/th3w0lf-1337/Vulnerabilities/blob/main/SMS-PHP/SQLi/Back-Order/info.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2025-4787 – SourceCodester/oretnom23 Stock Management System view_sale sql injection
https://notcve.org/view.php?id=CVE-2025-4787
16 May 2025 — A vulnerability classified as critical has been found in SourceCodester/oretnom23 Stock Management System 1.0. Affected is an unknown function of the file /admin/?page=sales/view_sale. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. • https://github.com/th3w0lf-1337/Vulnerabilities/blob/main/SMS-PHP/SQLi/Sale-List/info.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2025-4786 – SourceCodester/oretnom23 Stock Management System view_return sql injection
https://notcve.org/view.php?id=CVE-2025-4786
16 May 2025 — A vulnerability was found in SourceCodester/oretnom23 Stock Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/?page=return/view_return. The manipulation of the argument ID leads to sql injection. • https://github.com/th3w0lf-1337/Vulnerabilities/blob/main/SMS-PHP/SQLi/Return-List/info.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2025-4782 – SourceCodester/oretnom23 Stock Management System view_receiving sql injection
https://notcve.org/view.php?id=CVE-2025-4782
16 May 2025 — A vulnerability has been found in SourceCodester/oretnom23 Stock Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /sms/admin/?page=receiving/view_receiving&id=1. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. • https://github.com/th3w0lf-1337/Vulnerabilities/blob/main/SMS-PHP/SQLi/Receiving/info.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-4728 – SourceCodester Best Online News Portal search.php sql injection
https://notcve.org/view.php?id=CVE-2025-4728
15 May 2025 — A vulnerability was found in SourceCodester Best Online News Portal 1.0. It has been classified as critical. Affected is an unknown function of the file /search.php. The manipulation of the argument searchtitle leads to sql injection. It is possible to launch the attack remotely. • https://github.com/Lena-lyy/SQL/issues/4 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-4720 – SourceCodester Student Result Management System drop_student.php path traversal
https://notcve.org/view.php?id=CVE-2025-4720
15 May 2025 — A vulnerability was found in SourceCodester Student Result Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file academic/core/drop_student.php. The manipulation of the argument img leads to path traversal. The attack can be initiated remotely. • https://github.com/Xiaoyi-ing/CVE/issues/4 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-4547 – SourceCodester Web-based Pharmacy Product Management System Add User Page cross site scripting
https://notcve.org/view.php?id=CVE-2025-4547
11 May 2025 — A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Add User Page. The manipulation leads to cross site scripting. The attack may be launched remotely. • https://github.com/csehacademy/CVEs/blob/main/Web-based%20Pharmacy%20Product%20Management%20System%20-%20Stored%20XSS.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •