1000projects 1000projects

  1. Vendors
  2. 1000projects

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any 1000projects product.

RSS Feeds for 1000projects security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in 1000projects products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by 1000projects Sorted by Most Security Vulnerabilities since 2018

1000projects Portfolio Management System Mca16 vulnerabilities

1000projects Bookstore Management System15 vulnerabilities

1000projects Beauty Parlour Management System13 vulnerabilities

1000projects Attendance Tracking Management System11 vulnerabilities

1000projects Abc Courier Management System5 vulnerabilities

1000projects Sales Management System5 vulnerabilities

1000projects Daily College Class Work Report Book3 vulnerabilities

1000projects Campaign Management System Platform Women2 vulnerabilities

1000projects Employee Task Management System2 vulnerabilities

1000projects Human Resource Management System2 vulnerabilities

1000projects Library Management System2 vulnerabilities

1000projects Online Notice Board2 vulnerabilities

By the Year

In 2026 there have been 2 vulnerabilities in 1000projects with an average score of 5.3 out of ten. Last year, in 2025 1000projects had 28 security vulnerabilities published. Right now, 1000projects is on track to have less security vulnerabilities in 2026 than it did last year. Last year, the average CVE base score was greater by 3.41

Year Vulnerabilities Average Score
2026 2 5.30
2025 28 8.71
2024 51 9.69

It may take a day or so for new 1000projects vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent 1000projects Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-7144 Apr 27, 2026
CVE-2026-7144 A security flaw has been discovered in 1000 Projects Portfolio Management System MCA 1.0. This impacts an unknown function of the file update_passwd_process.php. The manipulation of the argument temp_user results in authorization bypass. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.
Portfolio Management System Mca
CVE-2026-7143 Apr 27, 2026
CVE-2026-7143 A vulnerability was identified in 1000 Projects Portfolio Management System MCA up to 1.0. This affects an unknown function of the file /admin/block_status.php. The manipulation of the argument q leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used.
Portfolio Management System Mca
CVE-2025-13289 Nov 17, 2025
SQL Injection in 1000projects Student DBMS 1.0 /SubjectDetails.php A vulnerability was detected in 1000projects Design & Development of Student Database Management System 1.0. Affected is an unknown function of the file /TeacherLogin/Academics/SubjectDetails.php. The manipulation of the argument SubCode results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.
CVE-2025-10833 Sep 23, 2025
1000projects Bookstore Management System 1.0: Remote SQLi via /login.php A vulnerability was determined in 1000projects Bookstore Management System 1.0. The impacted element is an unknown function of the file /login.php. This manipulation of the argument unm causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
Bookstore Management System
CVE-2025-10425 Sep 15, 2025
Unrestricted Upload via new_image on 1000projects OSS 1.0 (CVE-2025-10425) A vulnerability was identified in 1000projects Online Student Project Report Submission and Evaluation System 1.0. The impacted element is an unknown function of the file /admin/controller/student_controller.php. Such manipulation of the argument new_image leads to unrestricted upload. The attack may be performed from remote. The exploit is publicly available and might be used.
CVE-2025-10424 Sep 15, 2025
Unrestricted Upload in 1000projects OSPRSE 1.0 via faculty_controller A vulnerability was determined in 1000projects Online Student Project Report Submission and Evaluation System 1.0. The affected element is an unknown function of the file /admin/controller/faculty_controller.php. This manipulation of the argument new_image causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2025-8936 Aug 14, 2025
SQLi in 1000 Proj Sales Mgmt Sys 1.0 via select2 in dordupdate.php A vulnerability was determined in 1000 Projects Sales Management System 1.0. Affected by this issue is some unknown functionality of the file /superstore/dist/dordupdate.php. The manipulation of the argument select2 leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Sales Management System
CVE-2025-8934 Aug 14, 2025
CVE-2025-8934: XSS in 1000 Projects Sales Mgmt System 1.0 via /sales.php A vulnerability has been found in 1000 Projects Sales Management System 1.0. Affected is an unknown function of the file /sales.php. The manipulation of the argument select2112 leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Sales Management System
CVE-2025-8935 Aug 14, 2025
SQLi in 1000 Projects Sales Mgmt System 1.0 via /custcmp.php Username A vulnerability was found in 1000 Projects Sales Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /superstore/custcmp.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Sales Management System
CVE-2025-8933 Aug 14, 2025
XSS in 1000 Projects Sales Management System 1.0 via ssalescat A vulnerability was identified in 1000 Projects Sales Management System 1.0. This issue affects some unknown processing of the file /superstore/admin/sales.php. The manipulation of the argument ssalescat leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Sales Management System
CVE-2025-8932 Aug 14, 2025
Remote SQLi via ssalescat in 1000 Projects Sales Mgmt Sys 1.0 sales.php A vulnerability was determined in 1000 Projects Sales Management System 1.0. This vulnerability affects unknown code of the file /superstore/admin/sales.php. The manipulation of the argument ssalescat leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Sales Management System
CVE-2025-8241 Jul 27, 2025
SQLi via From arg in ABC Courier Management 1.0 report.php A vulnerability, which was classified as critical, was found in 1000 Projects ABC Courier Management System 1.0. This affects an unknown part of the file /report.php. The manipulation of the argument From leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Abc Courier Management System
CVE-2025-8185 Jul 26, 2025
CVE-2025-8185: Critical SQLi in ABC Courier 1.0 /getbyid.php A vulnerability was found in 1000 Projects ABC Courier Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /getbyid.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Abc Courier Management System
CVE-2025-8173 Jul 25, 2025
ABC Courier Mgmt Sys 1.0: Remote SQLi via /Add_reciver.php A vulnerability has been found in 1000 Projects ABC Courier Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /Add_reciver.php. The manipulation of the argument reciver_name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Abc Courier Management System
CVE-2025-7466 Jul 12, 2025
SQL Injection in ABC Courier Management 1.0 via /add_dealerrequest.php A vulnerability, which was classified as critical, has been found in 1000projects ABC Courier Management 1.0. Affected by this issue is some unknown functionality of the file /add_dealerrequest.php. The manipulation of the argument Name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Abc Courier Management System
CVE-2025-5778 Jun 06, 2025
Critical SQLi in ABC Courier MS 1.0 /admin (Username param) A vulnerability, which was classified as critical, was found in 1000 Projects ABC Courier Management System 1.0. Affected is an unknown function of the file /admin. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Abc Courier Management System
CVE-2025-5650 Jun 05, 2025
SQLi via /register.php in 1000projects Notice Board v1.0 A vulnerability classified as critical was found in 1000projects Online Notice Board 1.0. This vulnerability affects unknown code of the file /register.php. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Online Notice Board
CVE-2025-5332 May 29, 2025
CVE-2025-5332: SQLi in 1000 Projects Online Board 1.0 via email param A vulnerability was found in 1000 Projects Online Notice Board 1.0 and classified as critical. This issue affects some unknown processing of the file /index.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Online Notice Board
CVE-2025-5205 May 26, 2025
SQLi in /dcwr_entry.php of 1000 Projects Daily College Class Work Report Book 1.0 A vulnerability classified as critical has been found in 1000 Projects Daily College Class Work Report Book 1.0. Affected is an unknown function of the file /dcwr_entry.php. The manipulation of the argument Date leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Daily College Class Work Report Book
CVE-2025-4940 May 19, 2025
SQLi in /admin_info.php of 1000 Projects Class Work Report Book 1.0 A vulnerability, which was classified as critical, has been found in 1000 Projects Daily College Class Work Report Book 1.0. This issue affects some unknown processing of the file /admin_info.php. The manipulation of the argument batch leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Daily College Class Work Report Book
CVE-2025-3384 Apr 07, 2025
SQLi Remote via Email in 1000 Projects HRMS 1.0 – Critical A vulnerability was found in 1000 Projects Human Resource Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /controller/employee.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Human Resource Management System
CVE-2025-1189 Feb 12, 2025
Critical SQLi in 1000 Projects Attendance Track Mgt Sys 1.0 (/admin/chart1.php) A vulnerability, which was classified as critical, was found in 1000 Projects Attendance Tracking Management System 1.0. This affects an unknown part of the file /admin/chart1.php. The manipulation of the argument course_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Attendance Tracking Management System
CVE-2025-1174 Feb 11, 2025
XSS in 1000 Projects Bookstore Management System 1.0 Add Book Page A vulnerability has been found in 1000 Projects Bookstore Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file process_book_add.php of the component Add Book Page. The manipulation of the argument Book Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Bookstore Management System
CVE-2025-1173 Feb 11, 2025
SQLi in 1000 Projects Bookstore 1.0 (process_users_del.php Id) A vulnerability, which was classified as critical, was found in 1000 Projects Bookstore Management System 1.0. This affects an unknown part of the file process_users_del.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely.
Bookstore Management System
CVE-2025-1172 Feb 11, 2025
1000 Projects Bookstore MS 1.0 AddToCart.php bcid SQLi Remote A vulnerability, which was classified as critical, has been found in 1000 Projects Bookstore Management System 1.0. Affected by this issue is some unknown functionality of the file addtocart.php. The manipulation of the argument bcid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Bookstore Management System
CVE-2025-0847 Jan 30, 2025
1000 Projects EMTM 1.0 PHP Login SQLi Remote via /index.php A vulnerability was found in 1000 Projects Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /index.php of the component Login. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Employee Task Management System
CVE-2025-0846 Jan 30, 2025
Critical SQLi in 1000 Projects Emp. Task Mgt 1.0 /admin/AdminLogin.php A vulnerability was found in 1000 Projects Employee Task Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/AdminLogin.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Employee Task Management System
CVE-2025-0536 Jan 17, 2025
Critical SQLi in 1000 Projects Attendance System 1.0, /admin/edit_action.php A vulnerability classified as critical was found in 1000 Projects Attendance Tracking Management System 1.0. This vulnerability affects unknown code of the file /admin/edit_action.php. The manipulation of the argument attendance_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Attendance Tracking Management System
CVE-2025-0534 Jan 17, 2025
Sqli in 1000 Projects Campaign 1.0: /Code/loginnew.php Affects Username A vulnerability was found in 1000 Projects Campaign Management System Platform for Women 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Code/loginnew.php. The manipulation of the argument Username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Campaign Management System Platform Women
CVE-2025-0533 Jan 17, 2025
SQLi in 1000 Projects Campaign Mgmt Sys 1.0 via /sc_login.php (uname) A vulnerability was found in 1000 Projects Campaign Management System Platform for Women 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /Code/sc_login.php. The manipulation of the argument uname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Campaign Management System Platform Women
CVE-2024-13072 Dec 31, 2024
CVE-2024-13072: SQLi in 1000 Projects Beauty Parlour MS 1.0 (CustDtl Handler) A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add-customer-services.php of the component Customer Detail Handler. The manipulation of the argument sids[] leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Beauty Parlour Management System
CVE-2024-13037 Dec 30, 2024
SQL Injection Vulnerability in Attendance Tracking Management System A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. It has been classified as critical. Affected is the function attendance_report of the file /admin/report.php. The manipulation of the argument course_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Attendance Tracking Management System
CVE-2024-13006 Dec 29, 2024
SQL Injection Vulnerability in 1000 Projects Human Resource Management System A vulnerability, which was classified as critical, has been found in 1000 Projects Human Resource Management System 1.0. This issue affects some unknown processing of the file /employeeview.php. The manipulation of the argument search leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Human Resource Management System
CVE-2024-13005 Dec 29, 2024
SQL Injection Vulnerability in Attendance Tracking Management System A vulnerability classified as critical was found in 1000 Projects Attendance Tracking Management System 1.0. This vulnerability affects unknown code of the file /admin/attendance_action.php. The manipulation of the argument attendance_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Attendance Tracking Management System
CVE-2024-13003 Dec 29, 2024
Critical SQLi CVE-2024-13003 in 1000PMMS MCA 1.0 /update_ed.php A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /update_ed.php. The manipulation of the argument e_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Portfolio Management System Mca
CVE-2024-13002 Dec 29, 2024
Critical SQLi in 1000 Projects Bookstore Management System 1.0 /order_process.php A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /order_process.php. The manipulation of the argument fnm leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Bookstore Management System
CVE-2024-12965 Dec 26, 2024
SQLi in /update_ex_detail.php of 1000 Plans PMS MCA v1.0 A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /update_ex_detail.php. The manipulation of the argument q leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Portfolio Management System Mca
CVE-2024-12964 Dec 26, 2024
SQLi via /login.php in 1000 Projects Daily College Class Work Report Book 1.0 A vulnerability was found in 1000 Projects Daily College Class Work Report Book 1.0. It has been classified as critical. This affects an unknown part of the file /login.php. The manipulation of the argument user leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Daily College Class Work Report Book
CVE-2024-12960 Dec 26, 2024
Critical SQLi in /update_edu_details.php of 1000 Projects PMS MCA 1.0 A vulnerability, which was classified as critical, has been found in 1000 Projects Portfolio Management System MCA 1.0. This issue affects some unknown processing of the file /update_edu_details.php. The manipulation of the argument q leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Portfolio Management System Mca
CVE-2024-12961 Dec 26, 2024
Critical SQLi in 1000 Projects Management System MCA 1.0 /update_ach_details.php A vulnerability, which was classified as critical, was found in 1000 Projects Portfolio Management System MCA 1.0. Affected is an unknown function of the file /update_ach_details.php. The manipulation of the argument q leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Portfolio Management System Mca
CVE-2024-12958 Dec 26, 2024
SQLi in 1000 Projects Portfolio Mgmt System MCA 1.0 /update_pro_details.php A vulnerability classified as critical has been found in 1000 Projects Portfolio Management System MCA 1.0. This affects an unknown part of the file /update_pro_details.php. The manipulation of the argument q leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Portfolio Management System Mca
CVE-2024-12959 Dec 26, 2024
SQLi in 1000Projects PortfolioMgmtSys MCA 1.0 update_personal_details.php A vulnerability classified as critical was found in 1000 Projects Portfolio Management System MCA 1.0. This vulnerability affects unknown code of the file /update_personal_details.php. The manipulation of the argument q leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Portfolio Management System Mca
CVE-2024-12956 Dec 26, 2024
CVE-2024-12956: Unrestricted File Upload via /add_achievement_details.php in PCM MCA 1.0 A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. This issue affects some unknown processing of the file /add_achievement_details.php. The manipulation of the argument ach_certy leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Portfolio Management System Mca
CVE-2024-12953 Dec 26, 2024
1000 Projects Portfolio Management System MCA 1.0: Unrestricted File Upload Vulnerability in /update A vulnerability, which was classified as critical, has been found in 1000 Projects Portfolio Management System MCA 1.0. Affected by this issue is some unknown functionality of the file /update_pd_process.php. The manipulation of the argument profile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Portfolio Management System Mca
CVE-2024-12954 Dec 26, 2024
1000 Projects Portfolio Management System MCA 1.0: Unrestricted File Upload Vulnerability in /update A vulnerability, which was classified as critical, was found in 1000 Projects Portfolio Management System MCA 1.0. This affects an unknown part of the file /update_ach.php. The manipulation of the argument ach_certy leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Portfolio Management System Mca
CVE-2024-12951 Dec 26, 2024
1000 Projects Portfolio Management System MCA 1.0: Unrestricted File Upload Vulnerability in add_per A vulnerability classified as critical has been found in 1000 Projects Portfolio Management System MCA 1.0. Affected is an unknown function of the file /add_personal_details.php. The manipulation of the argument profile leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Portfolio Management System Mca
CVE-2024-12946 Dec 26, 2024
SQL Injection Vulnerability in 1000 Projects Attendance Tracking Management System admin_action.php A vulnerability, which was classified as critical, has been found in 1000 Projects Attendance Tracking Management System 1.0. This issue affects some unknown processing of the file /admin/admin_action.php. The manipulation of the argument admin_user_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Attendance Tracking Management System
CVE-2024-12942 Dec 26, 2024
1000 Projects PGM Sys v1.0 SQLi via /admin/admin_login.php A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/admin_login.php. The manipulation of the argument username/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Portfolio Management System Mca
CVE-2024-12940 Dec 26, 2024
PHP: 1000 Projects Attendance Tracking 1.0 - SQLi via /admin/student_action.php A vulnerability has been found in 1000 Projects Attendance Tracking Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/student_action.php. The manipulation of the argument student_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Attendance Tracking Management System
CVE-2024-12927 Dec 25, 2024
SQL Injection Vulnerability in 1000 Projects Attendance Tracking Management System A vulnerability, which was classified as critical, has been found in 1000 Projects Attendance Tracking Management System 1.0. Affected by this issue is some unknown functionality of the file /faculty/check_faculty_login.php. The manipulation of the argument faculty_emailid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Attendance Tracking Management System
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.