Filtered by vendor Oretnom23
Subscribe
Total
716 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-44194 | 1 Oretnom23 | 1 Simple Barangay Management System | 2025-05-12 | N/A | 7.3 HIGH |
|
SourceCodester Simple Barangay Management System v1.0 has a SQL injection vulnerability in /barangay_management/admin/?page=view_household.
|
|||||
| CVE-2024-26492 | 1 Oretnom23 | 1 Online Diagnostic Lab Management System | 2025-05-08 | N/A | 6.3 MEDIUM |
|
An issue in Online Diagnostic Lab Management System 1.0 allows a remote attacker to gain control of a 'Staff' user account via a crafted POST request using the id, email, password, and cpass parameters.
|
|||||
| CVE-2025-4267 | 1 Oretnom23 | 1 Stock Management System | 2025-05-07 | 5.8 MEDIUM | 4.7 MEDIUM |
|
A vulnerability, which was classified as critical, was found in SourceCodester/oretnom23 Stock Management System 1.0. This affects an unknown part of the file /admin/?page=purchase_order/view_po of the component Purchase Order Details Page. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2022-40471 | 1 Oretnom23 | 1 Clinic\'s Patient Management System | 2025-05-06 | N/A | 9.8 CRITICAL |
|
Remote Code Execution in Clinic's Patient Management System v 1.0 allows Attacker to Upload arbitrary php webshell via profile picture upload functionality in users.php
|
|||||
| CVE-2022-43046 | 1 Oretnom23 | 1 Food Ordering Management System | 2025-05-05 | N/A | 4.8 MEDIUM |
|
Food Ordering Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /foms/place-order.php.
|
|||||
| CVE-2022-42990 | 1 Oretnom23 | 1 Food Ordering Management System | 2025-05-05 | N/A | 7.2 HIGH |
|
Food Ordering Management System v1.0 was discovered to contain a SQL injection vulnerability via the component /foms/all-orders.php?status=Cancelled%20by%20Customer.
|
|||||
| CVE-2023-1035 | 1 Oretnom23 | 1 Clinic\'s Patient Management System | 2025-05-05 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been classified as critical. Affected is an unknown function of the file update_user.php. The manipulation of the argument user_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221784.
|
|||||
| CVE-2022-46091 | 1 Oretnom23 | 1 Online Flight Booking Management System | 2025-05-01 | N/A | 4.7 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in the feedback form of Online Flight Booking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the airline parameter.
|
|||||
| CVE-2023-33676 | 1 Oretnom23 | 1 Lost And Found Information System | 2025-05-01 | N/A | 8.4 HIGH |
|
Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id=*" which can be escalated to the remote command execution.
|
|||||
| CVE-2024-44739 | 1 Oretnom23 | 1 Simple Forum Website | 2025-04-30 | N/A | 8.8 HIGH |
|
Sourcecodester Simple Forum Website v1.0 has a SQL injection vulnerability in /php-sqlite-forum/?page=manage_user&id=.
|
|||||
| CVE-2024-34833 | 1 Oretnom23 | 1 Payroll Management System | 2025-04-30 | N/A | 9.8 CRITICAL |
|
Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload. Users can upload images via the "save_settings" page. An unauthenticated attacker can leverage this functionality to upload a malicious PHP file instead. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as the user running the web server.
|
|||||
| CVE-2025-3692 | 1 Oretnom23 | 1 Online Eyewear Shop | 2025-04-29 | 3.3 LOW | 2.4 LOW |
|
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=save_product. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2025-3589 | 1 Oretnom23 | 1 Music Class Enrollment System | 2025-04-29 | 6.5 MEDIUM | 6.3 MEDIUM |
|
A vulnerability, which was classified as critical, was found in SourceCodester Music Class Enrollment System 1.0. Affected is an unknown function of the file /manage_class.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
|
|||||
| CVE-2024-46293 | 1 Oretnom23 | 1 Online Medicine Ordering System | 2025-04-28 | N/A | 9.8 CRITICAL |
|
Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Incorrect Access Control. There is a lack of authorization checks for admin operations. Specifically, an attacker can perform admin-level actions without possessing a valid session token. The application does not verify whether the user is logged in as an admin or even check for a session token at all.
|
|||||
| CVE-2024-52675 | 1 Oretnom23 | 1 Sentiment Based Movie Rating System | 2025-04-24 | N/A | 9.8 CRITICAL |
|
SourceCodester Sentiment Based Movie Rating System 1.0 is vulnerable to SQL Injection in /msrps/movies.php.
|
|||||
| CVE-2023-44752 | 1 Oretnom23 | 1 Student Study Center Desk Management System | 2025-04-24 | N/A | 9.8 CRITICAL |
|
An issue in Student Study Center Desk Management System v1.0 allows attackers to bypass authentication via a crafted GET request to /php-sscdms/admin/login.php.
|
|||||
| CVE-2022-46089 | 1 Oretnom23 | 1 Online Flight Booking Management System | 2025-04-24 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in the add-airline form of Online Flight Booking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the airline parameter.
|
|||||
| CVE-2023-24204 | 1 Oretnom23 | 1 Simple Customer Relationship Management System | 2025-04-23 | N/A | 5.4 MEDIUM |
|
SQL injection vulnerability in SourceCodester Simple Customer Relationship Management System v1.0 allows attacker to execute arbitrary code via the name parameter in get-quote.php.
|
|||||
| CVE-2023-24203 | 1 Oretnom23 | 1 Simple Customer Relationship Management System | 2025-04-23 | N/A | 5.4 MEDIUM |
|
Cross Site Scripting vulnerability in SourceCodester Simple Customer Relationship Management System v1.0 allows attacker to execute arbitary code via the company or query parameter(s).
|
|||||
| CVE-2024-37858 | 1 Oretnom23 | 1 Lost And Found Information System | 2025-04-23 | N/A | 9.8 CRITICAL |
|
SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the id parameter to php-lfis/admin/categories/manage_category.php.
|
|||||
| CVE-2024-37859 | 1 Oretnom23 | 1 Lost And Found Information System | 2025-04-23 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the page parameter to php-lfis/admin/index.php.
|
|||||
| CVE-2024-37857 | 1 Oretnom23 | 1 Lost And Found Information System | 2025-04-23 | N/A | 8.8 HIGH |
|
SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via id parameter to php-lfis/admin/categories/view_category.php.
|
|||||
| CVE-2024-48454 | 1 Oretnom23 | 1 Purchase Order Management System | 2025-04-23 | N/A | 7.2 HIGH |
|
An issue in SourceCodester Purchase Order Management System v1.0 allows a remote attacker to execute arbitrary code via the /admin?page=user component
|
|||||
| CVE-2024-57522 | 1 Oretnom23 | 1 Packers And Movers Management System | 2025-04-22 | N/A | 6.4 MEDIUM |
|
SourceCodester Packers and Movers Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in Users.php. An attacker can inject a malicious script into the username or name field during user creation.
|
|||||
| CVE-2024-57523 | 1 Oretnom23 | 1 Packers And Movers Management System | 2025-04-22 | N/A | 4.5 MEDIUM |
|
Cross Site Request Forgery (CSRF) in Users.php in SourceCodester Packers and Movers Management System 1.0 allows attackers to create unauthorized admin accounts via crafted requests sent to an authenticated admin user.
|
|||||
| CVE-2024-50766 | 1 Oretnom23 | 1 Survey Application System | 2025-04-22 | N/A | 9.8 CRITICAL |
|
SourceCodester Survey Application System 1.0 is vulnerable to SQL Injection in takeSurvey.php via the id parameter.
|
|||||
| CVE-2024-40068 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | N/A | 5.9 MEDIUM |
|
Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at id_generator/admin/?page=templates/manage_template&id=1.
|
|||||
| CVE-2024-40069 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | N/A | 5.4 MEDIUM |
|
Sourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting (XSS) via id_generator/classes/Users.php?f=save, and the point of vulnerability is in the POST parameter 'firstname' and 'lastname'.
|
|||||
| CVE-2024-40070 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | N/A | 5.1 MEDIUM |
|
Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via id_generator/classes/Users.php?f=save. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
|
|||||
| CVE-2024-40071 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | N/A | 9.8 CRITICAL |
|
Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via id_generator/classes/SystemSettings.php?f=update_settings. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
|
|||||
| CVE-2024-40072 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | N/A | 9.8 CRITICAL |
|
Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at id_generator/admin/?page=generate/index&id=1.
|
|||||
| CVE-2024-40073 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | N/A | 9.8 CRITICAL |
|
Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the template parameter at id_generator/admin/?page=generate&template=4.
|
|||||
| CVE-2024-40074 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | N/A | 4.8 MEDIUM |
|
Sourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting (XSS) via id_generator/classes/SystemSettings.php?f=update_settings, and the point of vulnerability is in the POST parameter 'short_name'.
|
|||||
| CVE-2024-34226 | 1 Oretnom23 | 1 Visitor Management System | 2025-04-22 | N/A | 9.4 CRITICAL |
|
SQL injection vulnerability in /php-sqlite-vms/?page=manage_visitor&id=1 in SourceCodester Visitor Management System 1.0 allow attackers to execute arbitrary SQL commands via the id parameters.
|
|||||
| CVE-2024-33304 | 1 Oretnom23 | 1 Product Show Room Site | 2025-04-22 | N/A | 6.1 MEDIUM |
|
SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via "Last Name" under Add Users.
|
|||||
| CVE-2024-33302 | 1 Oretnom23 | 1 Product Show Room Site | 2025-04-22 | N/A | 5.3 MEDIUM |
|
SourceCodester Product Show Room 1.0 and before is vulnerable to Cross Site Scripting (XSS) via "Middle Name" under Add Users.
|
|||||
| CVE-2024-33303 | 1 Oretnom23 | 1 Product Show Room Site | 2025-04-22 | N/A | 8.2 HIGH |
|
SourceCodester Product Show Room 1.0 is vulnerable to Cross Site Scripting (XSS) via "First Name" under Add Users.
|
|||||
| CVE-2024-2145 | 1 Oretnom23 | 1 Online Mobile Store Management System | 2025-04-22 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been classified as problematic. Affected is an unknown function of the file /endpoint/update-tracker.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255498 is the identifier assigned to this vulnerability.
|
|||||
| CVE-2022-45033 | 1 Oretnom23 | 1 Expense Tracker | 2025-04-21 | N/A | 5.4 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in Expense Tracker 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat text field.
|
|||||
| CVE-2024-34220 | 1 Oretnom23 | 1 Human Resource Management System | 2025-04-18 | N/A | 7.5 HIGH |
|
Sourcecodester Human Resource Management System 1.0 is vulnerable to SQL Injection via the 'leave' parameter.
|
|||||