Filtered by vendor Sourcecodester
Subscriptions
Total
673 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-3981 | 2 Sourcecodester, Unguardable | 2 Doctor Appointment System, Online Doctor Appointment System | 2026-03-20 | 7.3 High |
| A vulnerability was found in itsourcecode Online Doctor Appointment System 1.0. Affected is an unknown function of the file /admin/doctor_action.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used. | ||||
| CVE-2024-8342 | 2 Nelzkie15, Sourcecodester | 2 Pet Shop Management System, Petshop Management System | 2026-02-24 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in SourceCodester Petshop Management System 1.0. This issue affects some unknown processing of the file /controllers/add_client.php. The manipulation of the argument image_profile leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-70141 | 2 Oretnom23, Sourcecodester | 2 Customer Support System, Customer Support System | 2026-02-23 | 9.4 Critical |
| SourceCodester Customer Support System 1.0 contains an incorrect access control vulnerability in ajax.php. The AJAX dispatcher does not enforce authentication or authorization before invoking administrative methods in admin_class.php based on the action parameter. An unauthenticated remote attacker can perform sensitive operations such as creating customers and deleting users (including the admin account), as well as modifying or deleting other application records (tickets, departments, comments), resulting in unauthorized data modification. | ||||
| CVE-2026-1702 | 2 Mayurik, Sourcecodester | 2 Pet Grooming Management Software, Pet Grooming Management Software | 2026-02-23 | 6.3 Medium |
| A vulnerability was detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/operation/user.php of the component User Management. Performing a manipulation of the argument group_id results in improper authorization. The attack can be initiated remotely. The exploit is now public and may be used. | ||||
| CVE-2025-66802 | 2 Covid-19 Contact Tracing System Project, Sourcecodester | 2 Covid-19 Contact Tracing System, Covid-19 Contact Tracing System | 2026-02-09 | 9.8 Critical |
| Sourcecodester Covid-19 Contact Tracing System 1.0 is vulnerable to RCE (Remote Code Execution). The application receives a reverse shell (php) into imagem of the user enabling RCE. | ||||
| CVE-2025-70457 | 2 Remyandrade, Sourcecodester | 2 Modern Image Gallery App, Modern Image Gallery App | 2026-01-30 | 9.8 Critical |
| A Remote Code Execution (RCE) vulnerability exists in Sourcecodester Modern Image Gallery App v1.0 within the gallery/upload.php component. The application fails to properly validate uploaded file contents. Additionally, the application preserves the user-supplied file extension during the save process. This allows an unauthenticated attacker to upload arbitrary PHP code by spoofing the MIME type as an image, leading to full system compromise. | ||||
| CVE-2025-70458 | 2 Remyandrade, Sourcecodester | 2 Domain Availability Checker, Domain-availability-checker | 2026-01-30 | 5.4 Medium |
| A DOM-based Cross-Site Scripting (XSS) vulnerability exists in the DomainCheckerApp class within domain/script.js of Sourcecodester Domain Availability Checker v1.0. The vulnerability occurs because the application improperly handles user-supplied data in the createResultElement method by using the unsafe innerHTML property to render domain search results. | ||||
| CVE-2024-7930 | 2 Oretnom23, Sourcecodester | 2 Clinic\'s Patient Management System, Clinics Patient Management System | 2026-01-23 | 6.3 Medium |
| A vulnerability has been found in SourceCodester Clinics Patient Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pms/ajax/get_packings.php. The manipulation of the argument medicine_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-7841 | 2 Oretnom23, Sourcecodester | 2 Clinic\'s Patient Management System, Clinics Patient Management System | 2026-01-23 | 6.3 Medium |
| A vulnerability classified as critical was found in SourceCodester Clinics Patient Management System 1.0. This vulnerability affects unknown code of the file /pms/ajax/check_user_name.php. The manipulation of the argument user_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-14885 | 2 Lerouxyxchire, Sourcecodester | 2 Client Database Management System, Client Database Management System | 2025-12-24 | 6.3 Medium |
| A flaw has been found in SourceCodester Client Database Management System 1.0. This affects an unknown part of the file /user_leads.php of the component Leads Generation Module. Executing manipulation can lead to unrestricted upload. The attack can be launched remotely. The exploit has been published and may be used. | ||||
| CVE-2025-14530 | 2 Remyandrade, Sourcecodester | 2 Real Estate Property Listing App, Real Estate Property Listing App | 2025-12-16 | 4.7 Medium |
| A vulnerability has been found in SourceCodester Real Estate Property Listing App 1.0. The impacted element is an unknown function of the file /admin/property.php. Such manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-13248 | 2 Pamzey, Sourcecodester | 2 Patients Waiting Area Queue Management System, Patients Waiting Area Queue Management System | 2025-12-11 | 7.3 High |
| A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. The impacted element is an unknown function of the file /php/api_patient_schedule.php. This manipulation of the argument appointmentID causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be exploited. | ||||
| CVE-2025-14229 | 2 Sourcecodester, Warren-daloyan | 2 Inventory Management System, Inventory Management System | 2025-12-10 | 4.7 Medium |
| A security vulnerability has been detected in SourceCodester Inventory Management System 1.0. The affected element is an unknown function of the component SVC Report Export. Such manipulation leads to csv injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-14221 | 2 Oretnom23, Sourcecodester | 2 Banking System, Online Banking System | 2025-12-09 | 3.5 Low |
| A vulnerability was detected in SourceCodester Online Banking System 1.0. This impacts an unknown function of the file /?page=user. The manipulation of the argument First Name/Last Name results in cross site scripting. The attack can be launched remotely. The exploit is now public and may be used. | ||||
| CVE-2025-14206 | 2 Senior-walter, Sourcecodester | 2 Online Student Clearance System, Online Student Clearance System | 2025-12-09 | 6.5 Medium |
| A vulnerability was determined in SourceCodester Online Student Clearance System 1.0. The affected element is an unknown function of the file /Admin/delete-fee.php of the component Fee Table Handler. Executing manipulation of the argument ID can lead to improper authorization. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-65215 | 2 Senior-walter, Sourcecodester | 2 Web-based Pharmacy Product Management System, Web-based Pharmacy Product Management System | 2025-12-05 | 6.1 Medium |
| Sourcecodester Web-based Pharmacy Product Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /product_expiry/add-supplier.php via the Supplier Name field. | ||||
| CVE-2025-65881 | 2 Oretnom23, Sourcecodester | 2 Zoo Management System, Zoo Management System | 2025-12-05 | 6.1 Medium |
| Sourcecodester Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /classes/Login.php. | ||||
| CVE-2025-64070 | 2 Remyandrade, Sourcecodester | 2 Student Grades Management System, Student Grades Management System | 2025-12-03 | 5.4 Medium |
| Sourcecodester Student Grades Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the Add New Subject Description field. | ||||
| CVE-2025-13564 | 2 Kimz190, Sourcecodester | 2 Pre-school Management System, Pre-school Management System | 2025-12-02 | 5.4 Medium |
| A security flaw has been discovered in SourceCodester Pre-School Management System 1.0. Impacted is the function removefile of the file app/controllers/FilehelperController.php. Performing manipulation of the argument filepath results in denial of service. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited. | ||||
| CVE-2025-13586 | 2 Senior-walter, Sourcecodester | 2 Online Student Clearance System, Online Student Clearance System | 2025-12-02 | 4.7 Medium |
| A flaw has been found in SourceCodester Online Student Clearance System 1.0. Impacted is an unknown function of the file /Admin/changepassword.php. This manipulation of the argument txtconfirm_password causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. | ||||