Code Projects


Products by Code Projects Sorted by Most Security Vulnerabilities since 2018

Code Projects Library System: 20 vulnerabilities
Code Projects Chat System: 16 vulnerabilities
Code Projects Job Recruitment: 16 vulnerabilities
Code Projects Modern Bag: 11 vulnerabilities
Code Projects Voting System: 7 vulnerabilities
Code Projects Farmacia: 2 vulnerabilities

By the Year

In 2026 there have been 98 vulnerabilities in Code Projects with an average score of 6.3 out of ten. Last year, in 2025, Code Projects had 461 security vulnerabilities published. Right now, Code Projects is on track to have fewer security vulnerabilities in 2026 than it did last year. Last year, the average CVE base score was greater by 1.24.




| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2026 | 98 | 6.26 |
| 2025 | 461 | 7.51 |
| 2024 | 191 | 8.50 |
| 2023 | 37 | 7.29 |
| 2022 | 1 | 9.80 |

It may take a day or so for new Code Projects vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Code Projects Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-4784 Mar 25, 2026
SQL Injection in Simple Laundry System 1.0 Parameter Handler
A vulnerability was found in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /checkcheckout.php of the component Parameter Handler. The manipulation of the argument serviceId results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.
Simple Laundry System
CVE-2026-4595 Mar 23, 2026
Exam Form Submission 1.0 PHP XSS via sname param in update_s6.php
A vulnerability was determined in code-projects Exam Form Submission 1.0. This vulnerability affects unknown code of the file /admin/update_s6.php. Executing a manipulation of the argument sname can lead to cross site scripting. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
Exam Form Submission
CVE-2026-4581 Mar 23, 2026
SQL Injection via Username in /checklogin.php of Simple Laundry System 1.0
A weakness has been identified in code-projects Simple Laundry System 1.0. Affected is an unknown function of the file /checklogin.php of the component Parameters Handler. This manipulation of the argument Username causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.
Simple Laundry System
CVE-2026-4580 Mar 23, 2026
Simple Laundry System 1.0 SQLi via Parameters Handler (serviceId)
A security flaw has been discovered in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkupdatestatus.php of the component Parameters Handler. The manipulation of the argument serviceId results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
Simple Laundry System
CVE-2026-4579 Mar 23, 2026
SQL Injection in Simple Laundry System 1.0 Parameters Handler via serviceId
A vulnerability was identified in code-projects Simple Laundry System 1.0. This affects an unknown function of the file /viewdetail.php of the component Parameters Handler. The manipulation of the argument serviceId leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
Simple Laundry System
CVE-2026-4578 Mar 23, 2026
XSS in Exam Form Submission 1.0 /admin/update_s3.php via sname
A vulnerability was determined in code-projects Exam Form Submission 1.0. The impacted element is an unknown function of the file /admin/update_s3.php. Executing a manipulation of the argument sname can lead to cross site scripting. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
Exam Form Submission
CVE-2026-4577 Mar 23, 2026
Code-Projects Exam Form Submission 1.0 Remote XSS via sname
A vulnerability was found in code-projects Exam Form Submission 1.0. The affected element is an unknown function of the file /admin/update_s4.php. Performing a manipulation of the argument sname results in cross site scripting. The attack may be initiated remotely. The exploit has been made public and could be used.
Exam Form Submission
CVE-2026-4576 Mar 23, 2026
XSS via sname in Exam Form Submission 1.0
A vulnerability has been found in code-projects Exam Form Submission 1.0. Impacted is an unknown function of the file /admin/update_s5.php. Such manipulation of the argument sname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Exam Form Submission
CVE-2026-4575 Mar 23, 2026
Remote XSS via sname in Exam Form Submission 1.0 /admin/update_s2.php
A flaw has been found in code-projects Exam Form Submission 1.0. This issue affects some unknown processing of the file /admin/update_s2.php. This manipulation of the argument sname causes cross site scripting. The attack can be initiated remotely. The exploit has been published and may be used.
Exam Form Submission
CVE-2026-4557 Mar 22, 2026
Exam Form Submission 1.0 Remote XSS in /admin/update_s1.php sname
A vulnerability was detected in code-projects Exam Form Submission 1.0. This impacts an unknown function of the file /admin/update_s1.php. Performing a manipulation of the argument sname results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be used.
Exam Form Submission
CVE-2026-4550 Mar 22, 2026
SQLi in Simple Gym Management System <=1.0 via Trainer_id/fname injection
A vulnerability has been found in code-projects Simple Gym Management System up to 1.0. This affects an unknown part of the file /gym/func.php. Such manipulation of the argument Trainer_id/fname leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-4533 Mar 22, 2026
Code Projects SFO System 1.0 SQLi via Status in all-tickets.php
A vulnerability was detected in code-projects Simple Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file all-tickets.php. The manipulation of the argument Status results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used.
Simple Food Ordering System
CVE-2026-4532 Mar 22, 2026
SFOS <1.0: Remote File Exposure via Database Backup Handler
A security vulnerability has been detected in code-projects Simple Food Ordering System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /food/sql/food.sql of the component Database Backup Handler. The manipulation leads to files or directories accessible. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. It is recommended to change the configuration settings.
Simple Food Ordering System
CVE-2026-4319 Mar 17, 2026
SQLi via price in Simple Food Order System 1.0 (add-item.php)
A vulnerability was identified in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/add-item.php. Such manipulation of the argument price leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.
CVE-2026-3763 Mar 08, 2026
Remote XSS in Simple Flight Ticket Booking System 1.0 showhistory.php
A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. The affected element is an unknown function of the file showhistory.php. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made public and could be used.
CVE-2026-3745 Mar 08, 2026
Student Web Portal 1.0 SQLi via profile.php User arg in code-projects
A vulnerability was found in code-projects Student Web Portal 1.0. Affected is an unknown function of the file profile.php. The manipulation of the argument User results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used.
CVE-2026-3744 Mar 08, 2026
SQL injection in Student Web Portal 1.0 valreg_passwdation (signup.php)
A vulnerability has been found in code-projects Student Web Portal 1.0. This impacts the function valreg_passwdation of the file signup.php. The manipulation of the argument reg_passwd leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-3736 Mar 08, 2026
SQLi in Simple Flight Ticket Booking System 1.0 via SearchResultRoundtrip.php
A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. Affected by this issue is some unknown functionality of the file SearchResultRoundtrip.php. Performing a manipulation of the argument from results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used.
CVE-2026-3735 Mar 08, 2026
Simple Flight Ticket Booking 1.0: SearchResultOneway.php SQLi
A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file SearchResultOneway.php. Such manipulation of the argument from leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-3723 Mar 08, 2026
SQLi in Simple Flight Ticket Booking 1.0 /Admindelete.php flightno arg
A security flaw has been discovered in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown function of the file /Admindelete.php. The manipulation of the argument flightno results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
CVE-2026-3711 Mar 08, 2026
code-projects Simple Flight Ticket Booking Sys v1.0 - Remote SQLi
A vulnerability was detected in code-projects Simple Flight Ticket Booking System 1.0. Affected is an unknown function of the file /Adminupdate.php. The manipulation of the argument flightno/airplaneid/departure/dtime/arrival/atime/ec/ep/bc/bp results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.
CVE-2026-3710 Mar 08, 2026
SQLI in code-projects Simple Flight Ticket Booking System 1.0 /Adminadd.php
A security vulnerability has been detected in code-projects Simple Flight Ticket Booking System 1.0. This impacts an unknown function of the file /Adminadd.php. The manipulation of the argument flightno/airplaneid/departure/dtime/arrival/atime/ec/ep/bc/bp leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.
CVE-2026-3709 Mar 08, 2026
SQL Injection in register.php of Simple Flight Ticket Booking System 1.0
A weakness has been identified in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown function of the file /register.php. Executing a manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-3708 Mar 08, 2026
SQL Injection in Simple Flight Ticket Booking 1.0 /login.php (Username)
A security flaw has been discovered in code-projects Simple Flight Ticket Booking System 1.0. The impacted element is an unknown function of the file /login.php. Performing a manipulation of the argument Username results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
CVE-2026-3705 Mar 08, 2026
Simple Flight Ticket Booking System 1.0 - SQL Injection in /Adminsearch.php
A vulnerability was found in code-projects Simple Flight Ticket Booking System 1.0. This issue affects some unknown processing of the file /Adminsearch.php. The manipulation of the argument flightno results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.
CVE-2026-2912 Feb 22, 2026
SQLi in Online Reviewer 1.0 via test_id in studentresult-view.php
A vulnerability was found in code-projects Online Reviewer System 1.0. Impacted is an unknown function of the file /system/system/students/assessments/results/studentresult-view.php. The manipulation of the argument test_id results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.
CVE-2026-2706 Feb 19, 2026
SQLi in Patient Record Mgmt Sys 1.0 via /fecalysis_not.php comp_id
A flaw has been found in code-projects Patient Record Management System 1.0. This affects an unknown function of the file /fecalysis_not.php. This manipulation of the argument comp_id causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used.
Patient Record Management System
CVE-2025-70151 Feb 18, 2026
Unrestricted File Upload RCE in Scholars Tracking System 1.0
code-projects Scholars Tracking System 1.0 allows an authenticated attacker to achieve remote code execution via unrestricted file upload. The endpoints update_profile_picture.php and upload_picture.php store uploaded files in a web-accessible uploads/ directory using the original, user-supplied filename without validating the file type or extension. By uploading a PHP file and then requesting it from /uploads/, an attacker can execute arbitrary PHP code as the web server user.
Scholars Tracking System
CVE-2026-2224 Feb 09, 2026
XSS in code-projects Online Review Sys 1.0 /system/admins/manage/users/btn_functions.php
A vulnerability was detected in code-projects Online Reviewer System 1.0. This affects an unknown part of the file /system/system/admins/manage/users/btn_functions.php. The manipulation of the argument firstname results in cross site scripting. It is possible to launch the attack remotely. The exploit is now public and may be used.
CVE-2026-2223 Feb 09, 2026
code-projects Online Reviewer System 1.0 index.php SQLi ID param
A security vulnerability has been detected in code-projects Online Reviewer System 1.0. Affected by this issue is some unknown functionality of the file /system/system/students/assessments/pretest/take/index.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.
CVE-2026-2222 Feb 09, 2026
XSS via firstname in btn_functions.php (1.0)
A weakness has been identified in code-projects Online Reviewer System 1.0. Affected by this vulnerability is an unknown functionality of the file /system/system/admins/manage/users/btn_functions.php. Executing a manipulation of the argument firstname can lead to cross site scripting. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.
CVE-2026-2221 Feb 09, 2026
Online Reviewer System 1.0 Login SQLi via /login/index.php Username Remote
A security flaw has been discovered in code-projects Online Reviewer System 1.0. Affected is an unknown function of the file /login/index.php of the component Login. Performing a manipulation of the argument Username results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.
CVE-2026-2220 Feb 09, 2026
code-projects ORS 1.0: Remote SQLi via difficulty_id
A vulnerability was identified in code-projects Online Reviewer System 1.0. This impacts an unknown function of the file /system/system/admins/assessments/pretest/btn_functions.php. Such manipulation of the argument difficulty_id leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.
CVE-2026-2214 Feb 09, 2026
CVE-2026-2214 XSS via txtalbum in code-projects Plugin 1.0 (AdminAddAlbum)
A weakness has been identified in code-projects for Plugin 1.0. This affects an unknown part of the file /Administrator/PHP/AdminAddAlbum.php. This manipulation of the argument txtalbum causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-2213 Feb 09, 2026
Code-Projects Online Music Site 1.0 Unrestricted File Upload via txtimage
A security flaw has been discovered in code-projects Online Music Site 1.0. Affected by this issue is some unknown functionality of the file /Administrator/PHP/AdminAddAlbum.php. The manipulation of the argument txtimage results in unrestricted upload. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
CVE-2026-2212 Feb 09, 2026
SQLi via ID in CodeProjects Online Music Site 1.0 AdminEditCategory.php
A vulnerability was identified in code-projects Online Music Site 1.0. Affected by this vulnerability is an unknown functionality of the file /Administrator/PHP/AdminEditCategory.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
CVE-2026-2211 Feb 09, 2026
SQLi via ID in AdminDeleteCategory.php of Online Music Site 1.0
A vulnerability was determined in code-projects Online Music Site 1.0. Affected is an unknown function of the file /Administrator/PHP/AdminDeleteCategory.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2026-2199 Feb 09, 2026
SQLi in code-projects Online Reviewer System 1.0 via user-delete.php
A security flaw has been discovered in code-projects Online Reviewer System 1.0. The impacted element is an unknown function of the file /reviewer/system/system/admins/manage/users/user-delete.php. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
CVE-2026-2198 Feb 09, 2026
SQL Injection in code-projects Online Reviewer System 1.0 via difficulty_id
A vulnerability was identified in code-projects Online Reviewer System 1.0. The affected element is an unknown function of the file /system/system/admins/assessments/pretest/loaddata.php. Such manipulation of the argument difficulty_id leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
CVE-2026-2197 Feb 09, 2026
Code-Projects Online Reviewer System 1.0 SQLi in exam-delete.php
A vulnerability was determined in code-projects Online Reviewer System 1.0. Impacted is an unknown function of the file /system/system/admins/assessments/pretest/exam-delete.php. This manipulation of the argument test_id causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2026-2196 Feb 09, 2026
SQLi in code-projects Online Reviewer System 1.0 via exam-update.php test_id
A vulnerability was found in code-projects Online Reviewer System 1.0. This issue affects some unknown processing of the file /system/system/admins/assessments/pretest/exam-update.php. The manipulation of the argument test_id results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used.
CVE-2026-2195 Feb 08, 2026
SQLi in code-projects Online Reviewer System 1.0 via ID param
A vulnerability has been found in code-projects Online Reviewer System 1.0. This vulnerability affects unknown code of the file /system/system/admins/assessments/pretest/questions-view.php. The manipulation of the argument ID leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-2176 Feb 08, 2026
CVE-2026-2176: SQLi in code-projects CMS 1.0 index.py (remote)
A security vulnerability has been detected in code-projects Contact Management System 1.0. This issue affects some unknown processing of the file index.py. Such manipulation of the argument selecteditem[0] leads to sql injection. The attack can be executed remotely.
CVE-2026-2174 Feb 08, 2026
Contact Management Sys 1.0 CRUD Endpoint ID Auth Bypass Remote
A security flaw has been discovered in code-projects Contact Management System 1.0. This affects an unknown part of the component CRUD Endpoint. The manipulation of the argument ID results in improper authentication. The attack may be launched remotely.
CVE-2026-2173 Feb 08, 2026
Code-Projects OES 1.0 SQLi via login.php
A vulnerability was identified in code-projects Online Examination System 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely.
CVE-2026-2172 Feb 08, 2026
Remote SQLi in code-projects OAS Admission 1.0 Login Endpoint
A vulnerability was determined in code-projects Online Application System for Admission 1.0. Affected by this vulnerability is an unknown functionality of the file enrollment/index.php of the component Login Endpoint. Executing a manipulation can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2026-2171 Feb 08, 2026
Online Student Management System 1.0: SQLi via accounts.php Login (remote)
A vulnerability was found in code-projects Online Student Management System 1.0. Affected is an unknown function of the file accounts.php of the component Login. Performing a manipulation of the argument username/password results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used.
CVE-2026-2166 Feb 08, 2026
SQL Injection in Online Reviewer System 1.0 Login Component
A security vulnerability has been detected in code-projects Online Reviewer System 1.0. The affected element is an unknown function of the file /login/index.php of the component Login. The manipulation of the argument username/password leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.
CVE-2026-2158 Feb 08, 2026
SQLi in Student Web Portal 1.0 /check_user.php via Username
A vulnerability was detected in code-projects Student Web Portal 1.0. This impacts an unknown function of the file /check_user.php. Performing a manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely.
CVE-2026-2156 Feb 08, 2026
XSS in Code-Projects OSM 1.0 /admin/announcement/index.php
A weakness has been identified in code-projects Online Student Management System 1.0. The impacted element is an unknown function of the file /admin/announcement/index.php?view=add of the component Announcement Management Module. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).