Code Projects


Products by Code Projects Sorted by Most Security Vulnerabilities since 2018

Code Projects Library System: 20 vulnerabilities

Code Projects Job Recruitment: 16 vulnerabilities

Code Projects Chat System: 16 vulnerabilities

Code Projects Modern Bag: 11 vulnerabilities

Code Projects Blood Bank: 10 vulnerabilities

Code Projects Voting System: 7 vulnerabilities

Code Projects Farmacia: 2 vulnerabilities

By the Year

In 2026 there have been 148 vulnerabilities in Code Projects, with an average score of 6.1 out of ten. Last year, in 2025, Code Projects had 461 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that the number of security vulnerabilities in Code Projects in 2026 could surpass last year's number. Last year, the average CVE base score was greater by 1.39.




Year | Vulnerabilities | Average Score
2026 | 148 | 6.11
2025 | 461 | 7.51
2024 | 191 | 8.50
2023 | 37 | 7.29
2022 | 1 | 9.80

It may take a day or so for new Code Projects vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Code Projects Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-5705 Apr 06, 2026
XSS in Online Hotel Booking 1.0 Booking Endpoint (roomname)
A vulnerability was identified in code-projects Online Hotel Booking 1.0. Affected by this vulnerability is an unknown functionality of the file /booknow.php of the component Booking Endpoint. Such manipulation of the argument roomname leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
CVE-2026-5672 Apr 06, 2026
SQLi in Simple IT Discussion Forum 1.0 ParamHandler /edit-category.php cat_id
A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. Affected by this issue is some unknown functionality of the file /edit-category.php of the component Parameter Handler. The manipulation of the argument cat_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-5666 Apr 06, 2026
Online FIR System 1.0 SQL DB Backup Handler Insecure Storage (Remote)
A vulnerability was detected in code-projects Online FIR System 1.0. Affected by this issue is some unknown functionality of the file /complaints.sql of the component SQL Database Backup File Handler. The manipulation results in insecure storage of sensitive information. The attack may be performed from remote. The exploit is now public and may be used.
CVE-2026-5665 Apr 06, 2026
Online FIR System 1.0 Login component SQLi via /Login/checklogin.php
A security vulnerability has been detected in code-projects Online FIR System 1.0. Affected by this vulnerability is an unknown functionality of the file /Login/checklogin.php of the component Login. The manipulation of the argument email/password leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.
CVE-2026-5650 Apr 06, 2026
Online App System Admission 1.0: Insecure Storage in oas.sql
A vulnerability was found in code-projects Online Application System for Admission 1.0. Impacted is an unknown function of the file /enrollment/database/oas.sql. Performing a manipulation results in insecure storage of sensitive information. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
CVE-2026-5649 Apr 06, 2026
SQLi in code-projects Online Admission System 1.0 via /enrollment/admsnform.php
A vulnerability has been found in code-projects Online Application System for Admission 1.0. This issue affects some unknown processing of the file /enrollment/admsnform.php of the component Endpoint. Such manipulation leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-5648 Apr 06, 2026
Simple Laundry System 1.0 SQLi via /userfinishregister.php Parameter Handler
A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /userfinishregister.php of the component Parameter Handler. This manipulation of the argument firstName causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.
Products: Simple Laundry System
CVE-2026-5647 Apr 06, 2026
CVE-2026-5647: XSS via product_name in Online Shoe Store 1.0 Add Product Page
A vulnerability was detected in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /admin/admin_feature.php of the component Add Product Page. The manipulation of the argument product_name results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used.
Products: Online Shoe Store
CVE-2026-5646 Apr 06, 2026
Easy Blog Site 1.0 - SQLi via login.php, unpatched
A security vulnerability has been detected in code-projects Easy Blog Site 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
CVE-2026-5565 Apr 05, 2026
SQL Injection in Simple Laundry System 1.0 Parameter Handler (delmemberinfo.php)
A security vulnerability has been detected in code-projects Simple Laundry System 1.0. Affected by this issue is some unknown functionality of the file /delmemberinfo.php of the component Parameter Handler. Such manipulation of the argument userid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
Products: Simple Laundry System
CVE-2026-5564 Apr 05, 2026
Remote SQLi in Simple Laundry System 1.0 /searchguest.php Parameter Handler
A weakness has been identified in code-projects Simple Laundry System 1.0. Affected by this vulnerability is an unknown functionality of the file /searchguest.php of the component Parameter Handler. This manipulation of the argument searchServiceId causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.
Products: Simple Laundry System
CVE-2026-5555 Apr 05, 2026
Concert Ticket Reservation System 1.0: Login.php Param Handler SQLi
A weakness has been identified in code-projects Concert Ticket Reservation System 1.0. This affects an unknown part of the file /ConcertTicketReservationSystem-master/login.php of the component Parameter Handler. Executing a manipulation of the argument Email can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-5554 Apr 05, 2026
Concert Ticket Reservation Sys 1.0 SQLi via process_search.php Param Handler
A security flaw has been discovered in code-projects Concert Ticket Reservation System 1.0. Affected by this issue is some unknown functionality of the file /ConcertTicketReservationSystem-master/process_search.php of the component Parameter Handler. Performing a manipulation of the argument searching results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
CVE-2026-5542 Apr 05, 2026
XSS in modstaffinfo.php (Parameter Handler) - Simple Laundry System 1.0
A vulnerability was determined in code-projects Simple Laundry System 1.0. Impacted is an unknown function of the file /modstaffinfo.php of the component Parameter Handler. Executing a manipulation of the argument userid can lead to cross site scripting. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
Products: Simple Laundry System
CVE-2026-5541 Apr 05, 2026
Simple Laundry Sys 1.0 XSS via modmemberinfo.php userid (Parameter Handler)
A vulnerability was found in code-projects Simple Laundry System 1.0. This issue affects some unknown processing of the file /modmemberinfo.php of the component Parameter Handler. Performing a manipulation of the argument userid results in cross site scripting. The attack may be initiated remotely. The exploit has been made public and could be used.
Products: Simple Laundry System
CVE-2026-5540 Apr 05, 2026
SQL Injection in Simple Laundry System 1.0 via firstName (Param Handler)
A vulnerability has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /modifymember.php of the component Parameter Handler. Such manipulation of the argument firstName leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Products: Simple Laundry System
CVE-2026-5539 Apr 05, 2026
Simple Laundry Sys 1.0 - XSS via firstName in Parameter Handler
A flaw has been found in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /modifymember.php of the component Parameter Handler. This manipulation of the argument firstName causes cross site scripting. The attack can be initiated remotely. The exploit has been published and may be used.
Products: Simple Laundry System
CVE-2026-5257 Apr 01, 2026
Simple Laundry System 1.0: Remote SQLi via /delstaffinfo.php userid
A vulnerability has been found in code-projects Simple Laundry System 1.0. This issue affects some unknown processing of the file /delstaffinfo.php of the component Parameter Handler. Such manipulation of the argument userid leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
Products: Simple Laundry System
CVE-2026-5256 Apr 01, 2026
SQLi via Parameter Handler in Simple Laundry System 1.0 (/modify.php)
A flaw has been found in code-projects Simple Laundry System 1.0. This vulnerability affects unknown code of the file /modify.php of the component Parameter Handler. This manipulation of the argument firstName causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.
Products: Simple Laundry System
CVE-2026-5255 Apr 01, 2026
XSS via Parameter Handler in Simple Laundry System 1.0 /delstaffinfo.php
A vulnerability was detected in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /delstaffinfo.php of the component Parameter Handler. The manipulation of the argument userid results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used.
Products: Simple Laundry System
CVE-2026-5240 Mar 31, 2026
CVE-2026-5240: XSS via statename in BloodBank System 1.0 /admin_state.php
A security vulnerability has been detected in code-projects BloodBank Managing System 1.0. This affects an unknown part of the file /admin_state.php. The manipulation of the argument statename leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.
Products: Blood Bank
CVE-2026-5206 Mar 31, 2026
Simple Gym Management System 1.0 Payment Handler SQLi Remote Exploitable
A security vulnerability has been detected in code-projects Simple Gym Management System 1.0. This vulnerability affects unknown code of the component Payment Handler. The manipulation of the argument Payment_id/Amount/customer_id/payment_type/customer_name leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
CVE-2026-5198 Mar 31, 2026
Student Membership System 1.0 Admin Login SQLi (PHP)
A vulnerability was determined in code-projects Student Membership System 1.0. The impacted element is an unknown function of the file /admin/index.php of the component Admin Login. This manipulation of the argument username/password causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
CVE-2026-5197 Mar 31, 2026
SQL Injection in Student Membership System 1.0 delete_user.php
A vulnerability was found in code-projects Student Membership System 1.0. The affected element is an unknown function of the file /delete_user.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used.
CVE-2026-5196 Mar 31, 2026
SQLi in code-projects Student Membership System 1.0 /delete_member.php ID
A vulnerability has been found in code-projects Student Membership System 1.0. Impacted is an unknown function of the file /delete_member.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-5195 Mar 31, 2026
SQL Injection in User Registration Handler of Student Membership System 1.0
A flaw has been found in code-projects Student Membership System 1.0. This issue affects some unknown processing of the component User Registration Handler. Executing a manipulation can lead to sql injection. The attack can be launched remotely.
CVE-2026-5157 Mar 30, 2026
Online Food Ordering Sys 1.0 XSS via cust_id in /form/order.php
A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected is an unknown function of the file /form/order.php of the component Order Module. Such manipulation of the argument cust_id leads to cross site scripting. The attack may be performed from remote. The exploit is publicly available and might be used.
CVE-2026-5150 Mar 30, 2026
SQLi in Accounting System 1.0 Parameter Handler /viewin_costumer.php
A security vulnerability has been detected in code-projects Accounting System 1.0. This issue affects some unknown processing of the file /viewin_costumer.php of the component Parameter Handler. Such manipulation of the argument cos_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
CVE-2026-5106 Mar 30, 2026
Exam Form Submission 1.0 XSS via sname in /admin/update_fst.php
A flaw has been found in code-projects Exam Form Submission 1.0. The impacted element is an unknown function of the file /admin/update_fst.php. Executing a manipulation of the argument sname can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used.
Products: Exam Form Submission
CVE-2026-5041 Mar 29, 2026
Chamber of Commerce Membership Management System 1.0 Command Injection via fwrite
A vulnerability was identified in code-projects Chamber of Commerce Membership Management System 1.0. Impacted is the function fwrite of the file admin/pageMail.php. The manipulation of the argument mailSubject/mailMessage leads to command injection. The attack may be initiated remotely. The exploit is publicly available and might be used.
CVE-2026-5035 Mar 29, 2026
Remote SQL Injection via en_id in code-projects Accounting System 1.0
A vulnerability has been found in code-projects Accounting System 1.0. This affects an unknown part of the file /view_work.php of the component Parameter Handler. Such manipulation of the argument en_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-5034 Mar 29, 2026
Code-Projects Accounting System 1.0: SQLi via cos_id in /edit_costumer.php
A flaw has been found in code-projects Accounting System 1.0. Affected by this issue is some unknown functionality of the file /edit_costumer.php of the component Parameter Handler. This manipulation of the argument cos_id causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.
CVE-2026-5033 Mar 29, 2026
SQLi in Parameter Handler /view_costumer.php of Code-Projects Accounting System 1.0
A vulnerability was detected in code-projects Accounting System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_costumer.php of the component Parameter Handler. The manipulation of the argument cos_id results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.
CVE-2026-5019 Mar 28, 2026
SQLi in Simple Food Order System 1.0 all-orders.php Parameter Handler
A security vulnerability has been detected in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file all-orders.php of the component Parameter Handler. The manipulation of the argument Status leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
CVE-2026-5018 Mar 28, 2026
SQL Injection via Name Param in Simple Food Order System 1.0
A weakness has been identified in code-projects Simple Food Order System 1.0. Affected is an unknown function of the file register-router.php of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-5017 Mar 28, 2026
SQL Injection in Simple Food Order System 1.0 /all-tickets.php
A security flaw has been discovered in code-projects Simple Food Order System 1.0. This impacts an unknown function of the file /all-tickets.php of the component Parameter Handler. Performing a manipulation of the argument Status results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
CVE-2026-4972 Mar 27, 2026
Online Reviewer System <=1.0 XSS via btn_functions Description
A security vulnerability has been detected in code-projects Online Reviewer System up to 1.0. Affected is an unknown function of the file /system/system/students/assessments/databank/btn_functions.php. Such manipulation of the argument Description leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
CVE-2026-4970 Mar 27, 2026
SQLi via ID in delete_photos.php (Endpoint) in Social Networking Site 1.0
A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file delete_photos.php of the component Endpoint. The manipulation of the argument ID results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
Products: Social Networking Site
CVE-2026-4969 Mar 27, 2026
Social Networking Site 1.0 Remote XSS in Alert Handler
A vulnerability was identified in code-projects Social Networking Site 1.0. The impacted element is an unknown function of the file /home.php of the component Alert Handler. The manipulation of the argument content leads to cross site scripting. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
Products: Social Networking Site
CVE-2026-4909 Mar 27, 2026
XSS in Exam Form Subm 1.0 /admin/update_s7.php Remote
A weakness has been identified in code-projects Exam Form Submission 1.0. This impacts an unknown function of the file /admin/update_s7.php. This manipulation of the argument sname causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
Products: Exam Form Submission
CVE-2026-4908 Mar 27, 2026
SQL Injection in Simple Laundry System 1.0 modstaffinfo.php (Parameter Handler)
A security flaw has been discovered in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /modstaffinfo.php of the component Parameter Handler. The manipulation of the argument userid results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
Products: Simple Laundry System
CVE-2026-4900 Mar 26, 2026
code-projects OOS 1.0 LFI via dbfood/localhost.sql Remote Attack
A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unknown part of the file /dbfood/localhost.sql. This manipulation causes files or directories accessible. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. It is advisable to modify the configuration settings.
CVE-2026-4899 Mar 26, 2026
Online Food Ordering 1.0 XSS via cuisines param in food.php
A security flaw has been discovered in code-projects Online Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file /dbfood/food.php. The manipulation of the argument cuisines results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
CVE-2026-4898 Mar 26, 2026
CVE-2026-4898: XSS in code-projects Online Food Ordering System 1.0 contact.php
A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /dbfood/contact.php. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
CVE-2026-4850 Mar 26, 2026
SQL Injection in Simple Laundry System 1.0 ParamHandler (/checkregisitem.php)
A security flaw has been discovered in code-projects Simple Laundry System 1.0. Affected is an unknown function of the file /checkregisitem.php of the component Parameter Handler. The manipulation of the argument Long-arm-shirtVol results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
Products: Simple Laundry System
CVE-2026-4849 Mar 26, 2026
Simple Laundry System 1.0 XSS via /modify.php Parameter Handler
A vulnerability was identified in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /modify.php of the component Parameter Handler. The manipulation of the argument firstName leads to cross site scripting. The attack may be initiated remotely. The exploit is publicly available and might be used.
Products: Simple Laundry System
CVE-2026-4844 Mar 26, 2026
SQLi via Username parameter in /admin.php <1.0 code-projects OOS
A vulnerability was detected in code-projects Online Food Ordering System 1.0. This issue affects some unknown processing of the file /admin.php of the component Admin Login Module. The manipulation of the argument Username results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.
CVE-2026-4841 Mar 26, 2026
Online Food Ordering System 1.0: Remote SQL Injection via Shopping Cart del
A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unknown part of the file form/cart.php of the component Shopping Cart Module. Executing a manipulation of the argument del can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-4836 Mar 26, 2026
Sqli via cos_id in Accounting System 1.0 /my_account/delete.php (remote)
A vulnerability was detected in code-projects Accounting System 1.0. The affected element is an unknown function of the file /my_account/delete.php. Performing a manipulation of the argument cos_id results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
CVE-2026-4835 Mar 26, 2026
code-projects Accounting System 1.0 Web App XSS in add_costumer.php
A security vulnerability has been detected in code-projects Accounting System 1.0. Impacted is an unknown function of the file /my_account/add_costumer.php of the component Web Application Interface. Such manipulation of the argument costumer_name leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).