CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-0563 – code-projects Fantasy-Cricket update.php sql injection
https://notcve.org/view.php?id=CVE-2025-0563
19 Jan 2025 — A vulnerability was found in code-projects Fantasy-Cricket 1.0. It has been classified as critical. Affected is an unknown function of the file /dash/update.php. The manipulation of the argument uname leads to sql injection. It is possible to launch the attack remotely. • https://code-projects.org • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-0538 – code-projects Tourism Management System manage-pages.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-0538
17 Jan 2025 — A vulnerability, which was classified as problematic, was found in code-projects Tourism Management System 1.0. Affected is an unknown function of the file /admin/manage-pages.php. The manipulation of the argument pgedetails leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-0537 – code-projects Car Rental Management System manage-pages.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-0537
17 Jan 2025 — A vulnerability, which was classified as problematic, has been found in code-projects Car Rental Management System 1.0. This issue affects some unknown processing of the file /admin/manage-pages.php. The manipulation of the argument pgdetails leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-0531 – code-projects Chat System leaveroom.php sql injection
https://notcve.org/view.php?id=CVE-2025-0531
17 Jan 2025 — A vulnerability was found in code-projects Chat System 1.0 and classified as critical. This issue affects some unknown processing of the file /user/leaveroom.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-0530 – code-projects Job Recruitment _feedback_system.php cross site scripting
https://notcve.org/view.php?id=CVE-2025-0530
17 Jan 2025 — A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. This vulnerability affects unknown code of the file /_parse/_feedback_system.php. The manipulation of the argument type leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-0529 – code-projects Train Ticket Reservation System Login Form stack-based overflow
https://notcve.org/view.php?id=CVE-2025-0529
17 Jan 2025 — A vulnerability, which was classified as critical, was found in code-projects Train Ticket Reservation System 1.0. This affects an unknown part of the component Login Form. The manipulation of the argument username leads to stack-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. • https://code-projects.org • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-121: Stack-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-0527 – code-projects Admission Management System signupconfirm.php sql injection
https://notcve.org/view.php?id=CVE-2025-0527
17 Jan 2025 — A vulnerability classified as critical was found in code-projects Admission Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /signupconfirm.php. The manipulation of the argument in_eml leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-57488
https://notcve.org/view.php?id=CVE-2024-57488
13 Jan 2025 — Code-Projects Online Car Rental System 1.0 is vulnerable to Cross Site Scripting (XSS) via the vehicalorcview parameter in /admin/edit-vehicle.php. • https://code-projects.org/online-car-rental-using-php-source-code • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-57487
https://notcve.org/view.php?id=CVE-2024-57487
13 Jan 2025 — In Code-Projects Online Car Rental System 1.0, the file upload feature does not validate file extensions or MIME types allowing an attacker to upload a PHP shell without any restrictions and execute commands on the server. • https://github.com/aaryan-11-x/CVE-2024-57487-and-CVE-2024-57488 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-0347 – code-projects Admission Management System Login index.php sql injection
https://notcve.org/view.php?id=CVE-2025-0347
09 Jan 2025 — A vulnerability was found in code-projects Admission Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file index.php of the component Login. The manipulation of the argument u_id leads to sql injection. The attack can be initiated remotely. • https://code-projects.org • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •