Filtered by vendor Oretnom23
Total: 716 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-10418 | 1 Oretnom23 | 1 Student Grading System | 2025-09-19 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A weakness has been identified in SourceCodester Student Grading System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_students.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited.
|
|||||
| CVE-2022-28026 | 1 Oretnom23 | 1 Student Grading System | 2025-09-19 | 7.5 HIGH | 9.8 CRITICAL |
|
Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=student_p&id=.
|
|||||
| CVE-2022-27304 | 1 Oretnom23 | 1 Student Grading System | 2025-09-19 | 7.5 HIGH | 9.8 CRITICAL |
|
Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via the user parameter.
|
|||||
| CVE-2022-28024 | 1 Oretnom23 | 1 Student Grading System | 2025-09-19 | 7.5 HIGH | 9.8 CRITICAL |
|
Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=grade.
|
|||||
| CVE-2022-28025 | 1 Oretnom23 | 1 Student Grading System | 2025-09-19 | 7.5 HIGH | 9.8 CRITICAL |
|
Student Grading System v1.0 was discovered to contain a SQL injection vulnerability via /student-grading-system/rms.php?page=school_year.
|
|||||
| CVE-2025-10409 | 1 Oretnom23 | 1 Student Grading System | 2025-09-19 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A weakness has been identified in SourceCodester Student Grading System 1.0. This affects an unknown part of the file /rms.php?page=users. Executing manipulation of the argument fname can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be exploited.
|
|||||
| CVE-2025-10407 | 1 Oretnom23 | 1 Student Grading System | 2025-09-18 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was identified in SourceCodester Student Grading System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_user.php. Such manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
|
|||||
| CVE-2025-10408 | 1 Oretnom23 | 1 Student Grading System | 2025-09-18 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A security flaw has been discovered in SourceCodester Student Grading System 1.0. Affected by this issue is some unknown functionality of the file /edit_user.php. Performing manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be exploited.
|
|||||
| CVE-2025-10400 | 1 Oretnom23 | 1 Food Ordering Management System | 2025-09-18 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A security vulnerability has been detected in SourceCodester Food Ordering Management System 1.0. Impacted is an unknown function of the file /routers/ticket-message.php. Such manipulation of the argument ticket_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
|
|||||
| CVE-2025-10100 | 1 Oretnom23 | 1 Simple Forum/discussion System | 2025-09-12 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was detected in SourceCodester Simple Forum Discussion System 1.0. This impacts an unknown function of the file /admin_class.php?action=login. Performing manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
|
|||||
| CVE-2025-9701 | 1 Oretnom23 | 1 Simple Cafe Billing System | 2025-09-08 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was determined in SourceCodester Simple Cafe Billing System 1.0. The impacted element is an unknown function of the file /receipt.php. Executing manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
|
|||||
| CVE-2025-9702 | 1 Oretnom23 | 1 Simple Cafe Billing System | 2025-09-08 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was identified in SourceCodester Simple Cafe Billing System 1.0. This affects an unknown function of the file /sales_report.php. The manipulation of the argument month leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.
|
|||||
| CVE-2025-9832 | 1 Oretnom23 | 1 Food Ordering Management System | 2025-09-05 | 7.5 HIGH | 7.3 HIGH |
|
A security vulnerability has been detected in SourceCodester Food Ordering Management System 1.0. Affected is an unknown function of the file /routers/register-router.php. Such manipulation of the argument phone leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
|
|||||
| CVE-2025-9473 | 1 Oretnom23 | 1 Online Bank Management System | 2025-09-02 | 7.5 HIGH | 7.3 HIGH |
|
A security vulnerability has been detected in SourceCodester Online Bank Management System 1.0. This impacts an unknown function of the file /feedback.php. The manipulation of the argument msg leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
|
|||||
| CVE-2025-9304 | 1 Oretnom23 | 1 Online Bank Management System | 2025-08-22 | 7.5 HIGH | 7.3 HIGH |
|
A weakness has been identified in SourceCodester Online Bank Management System 1.0. Impacted is an unknown function of the file /bank/show.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from a remote location. The exploit has been made available to the public and could be exploited.
|
|||||
| CVE-2025-9305 | 1 Oretnom23 | 1 Online Bank Management System | 2025-08-22 | 7.5 HIGH | 7.3 HIGH |
|
A security vulnerability has been detected in SourceCodester Online Bank Management System 1.0. The affected element is an unknown function of the file /bank/mnotice.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.
|
|||||
| CVE-2025-9021 | 1 Oretnom23 | 1 Online Bank Management System | 2025-08-21 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was determined in SourceCodester Online Bank Management System up to 1.0. This vulnerability affects unknown code of the file /bank/transfer.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely.
|
|||||
| CVE-2025-9022 | 1 Oretnom23 | 1 Online Bank Management System | 2025-08-21 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability was identified in SourceCodester Online Bank Management System up to 1.0. This issue affects some unknown processing of the file /bank/statements.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely.
|
|||||
| CVE-2025-8973 | 1 Oretnom23 | 1 Cashier Queuing System | 2025-08-21 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability has been found in SourceCodester Cashier Queuing System 1.0. Affected is an unknown function of the file /Actions.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-40686 | 1 Oretnom23 | 1 Human Resource Management System | 2025-08-04 | N/A | 6.1 MEDIUM |
|
Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'employeeid' parameter in /detailview.php.
|
|||||
| CVE-2025-40685 | 1 Oretnom23 | 1 Human Resource Management System | 2025-08-04 | N/A | 6.1 MEDIUM |
|
Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searcstate' parameter in /state.php.
|
|||||
| CVE-2025-40684 | 1 Oretnom23 | 1 Human Resource Management System | 2025-08-04 | N/A | 6.1 MEDIUM |
|
Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searccountry' parameter in /country.php.
|
|||||
| CVE-2025-40683 | 1 Oretnom23 | 1 Human Resource Management System | 2025-08-04 | N/A | 6.1 MEDIUM |
|
Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'searccity' parameter in /city.php.
|
|||||
| CVE-2025-40682 | 1 Oretnom23 | 1 Human Resource Management System | 2025-08-04 | N/A | 9.8 CRITICAL |
|
SQL injection vulnerability in Human Resource Management System version 1.0, which allows an attacker to retrieve, create, update and delete databases via the “city” and “state” parameters in the /controller/ccity.php endpoint.
|
|||||
| CVE-2024-5385 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2025-07-30 | 3.3 LOW | 2.4 LOW |
|
A vulnerability, which was classified as problematic, has been found in oretnom23 Online Car Wash Booking System 1.0. This issue affects some unknown processing of the file /admin/?page=user/list. The manipulation of the argument First Name/Last Name with the input <script>confirm (document.cookie)</script> leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-266303.
|
|||||
| CVE-2024-40394 | 1 Oretnom23 | 1 Simple Library Management System | 2025-07-09 | N/A | 9.8 CRITICAL |
|
Simple Library Management System Project Using PHP/MySQL v1.0 was discovered to contain an arbitrary file upload vulnerability via the component ajax.php.
|
|||||
| CVE-2025-6869 | 1 Oretnom23 | 1 Simple Company Website | 2025-07-08 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A vulnerability was found in SourceCodester Simple Company Website 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/testimonials/manage.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-6867 | 1 Oretnom23 | 1 Simple Company Website | 2025-07-08 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A vulnerability was found in SourceCodester Simple Company Website 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/services/manage.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-6868 | 1 Oretnom23 | 1 Simple Company Website | 2025-07-08 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A vulnerability was found in SourceCodester Simple Company Website 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/clients/manage.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-6873 | 1 Oretnom23 | 1 Simple Company Website | 2025-07-01 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A vulnerability, which was classified as critical, has been found in SourceCodester Simple Company Website 1.0. This issue affects some unknown processing of the file /classes/Users.php?f=save. The manipulation of the argument img leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-6872 | 1 Oretnom23 | 1 Simple Company Website | 2025-07-01 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A vulnerability classified as critical was found in SourceCodester Simple Company Website 1.0. This vulnerability affects unknown code of the file /classes/SystemSettings.php?f=update_settings. The manipulation of the argument img leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-6871 | 1 Oretnom23 | 1 Simple Company Website | 2025-07-01 | 7.5 HIGH | 7.3 HIGH |
|
A vulnerability classified as critical has been found in SourceCodester Simple Company Website 1.0. This affects an unknown part of the file /classes/Login.php. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-6870 | 1 Oretnom23 | 1 Simple Company Website | 2025-07-01 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A vulnerability was found in SourceCodester Simple Company Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Content.php?f=service. The manipulation of the argument img leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2023-24729 | 1 Oretnom23 | 1 Simple Customer Relationship Management System | 2025-06-27 | N/A | 8.8 HIGH |
|
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the address parameter in the user profile update function.
|
|||||
| CVE-2023-24364 | 1 Oretnom23 | 1 Simple Customer Relationship Management System | 2025-06-27 | N/A | 8.8 HIGH |
|
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the username parameter under the Admin Panel.
|
|||||
| CVE-2023-24732 | 1 Oretnom23 | 1 Simple Customer Relationship Management System | 2025-06-27 | N/A | 8.8 HIGH |
|
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the gender parameter in the user profile update function.
|
|||||
| CVE-2023-24654 | 1 Oretnom23 | 1 Simple Customer Relationship Management System | 2025-06-27 | N/A | 8.8 HIGH |
|
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the name parameter under the Request a Quote function.
|
|||||
| CVE-2023-24653 | 1 Oretnom23 | 1 Simple Customer Relationship Management System | 2025-06-27 | N/A | 8.8 HIGH |
|
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the oldpass parameter under the Change Password function.
|
|||||
| CVE-2023-24731 | 1 Oretnom23 | 1 Simple Customer Relationship Management System | 2025-06-27 | N/A | 8.8 HIGH |
|
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the query parameter in the user profile update function.
|
|||||
| CVE-2023-24656 | 1 Oretnom23 | 1 Simple Customer Relationship Management System | 2025-06-27 | N/A | 8.8 HIGH |
|
Simple Customer Relationship Management System v1.0 was discovered to contain a SQL injection vulnerability via the subject parameter under the Create Ticket function.
|
|||||