Code Projects


Products by Code Projects Sorted by Most Security Vulnerabilities since 2018

Code Projects Library System: 20 vulnerabilities

Code Projects Chat System: 18 vulnerabilities

Code Projects Job Recruitment: 16 vulnerabilities

Code Projects Modern Bag: 11 vulnerabilities

Code Projects Blood Bank: 10 vulnerabilities

Code Projects Voting System: 7 vulnerabilities

Code Projects Farmacia: 2 vulnerabilities

By the Year

In 2026 there have been 218 vulnerabilities in Code Projects with an average score of 6.0 out of ten. Last year, in 2025, Code Projects had 461 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Code Projects in 2026 could surpass last year's number. Last year, the average CVE base score was greater by 1.53.




Year Vulnerabilities Average Score
2026 218 5.98
2025 461 7.51
2024 191 8.50
2023 37 7.29
2022 1 9.80

It may take a day or so for new Code Projects vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Code Projects Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-7238 Apr 28, 2026
Unrestricted upload in Online Music Site 1.0 via AdminUpdateAlbum.txtimage
A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminUpdateAlbum.php. This manipulation of the argument txtimage causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used.
CVE-2026-7229 Apr 28, 2026
SQL Injection via POST Handler in Coaching Management System 1.0
A vulnerability was found in code-projects Coaching Management System 1.0. This affects an unknown function of the file /cims/modules/admin/reply.php of the component POST Handler. Performing a manipulation of the argument complaintreply results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used.
CVE-2026-7222 Apr 28, 2026
CWE-79 XSS in Coaching Management System 1.0 Complaint Form Page
A vulnerability was determined in code-projects Coaching Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /cims/modules/student/complaint.php of the component Complaint Form Page. This manipulation of the argument Complaint causes cross site scripting. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2026-7134 Apr 27, 2026
Online Lot Reservation System 1.0 Unrestricted File Upload via edithousepic.php
A vulnerability was identified in code-projects Online Lot Reservation System 1.0. Affected is an unknown function of the file /edithousepic.php. Such manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit is publicly available and might be used.
CVE-2026-7133 Apr 27, 2026
Unrestricted File Upload via activity.php in CP Online Lot Reservation 1.0
A vulnerability was determined in code-projects Online Lot Reservation System 1.0. This impacts an unknown function of the file /activity.php. This manipulation of the argument directory causes unrestricted upload. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2026-7132 Apr 27, 2026
Path Traversal in readfile() of Online Lot Reservation System 1.0 (download.php)
A vulnerability was found in code-projects Online Lot Reservation System up to 1.0. This affects the function readfile of the file /download.php. The manipulation of the argument File results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and could be used.
CVE-2026-7131 Apr 27, 2026
SQLi via loginuser.php in Online Lot Reservation up to 1.0
A vulnerability has been found in code-projects Online Lot Reservation System up to 1.0. The impacted element is an unknown function of the file /loginuser.php. The manipulation of the argument email/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-7118 Apr 27, 2026
Employee Management System 1.0: Remote SQLi via cancel.php id/token Arg
A security vulnerability has been detected in code-projects Employee Management System 1.0. The affected element is an unknown function of the file 370project/cancel.php. The manipulation of the argument id/token leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used.
CVE-2026-7117 Apr 27, 2026
Employee Management System 1.0: SQLi via approve.php id/token
A weakness has been identified in code-projects Employee Management System 1.0. Impacted is an unknown function of the file 370project/approve.php. Executing a manipulation of the argument id/token can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-7116 Apr 27, 2026
XSS CVE-2026-7116 in Employee Management System 1.0 (mark.php) - remote
A security flaw has been discovered in code-projects Employee Management System 1.0. This issue affects some unknown processing of the file 370project/mark.php. Performing a manipulation results in cross site scripting. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.
CVE-2026-7115 Apr 27, 2026
SQLi in code-projects Employee Management System v1.0 delete.php
A vulnerability was identified in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file 370project/delete.php. Such manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used.
CVE-2026-7114 Apr 27, 2026
CVE-2026-7114: Employee Management System 1.0 SQLi in edit.php ID
A vulnerability was determined in code-projects Employee Management System 1.0. This affects an unknown part of the file 370project/edit.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2026-7110 Apr 27, 2026
XSS in Invoice System 1.0 via /item (Remotely exploitable)
A flaw has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /item. Executing a manipulation of the argument item name/description can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used.
CVE-2026-7109 Apr 27, 2026
Improper Authorization in code-projects Invoice System 1.0 (Laravel API)
A vulnerability was detected in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /item of the component API Endpoint. Performing a manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit is now public and may be used.
CVE-2026-7108 Apr 27, 2026
Cross-Site Request Forgery in code-projects Invoice System 1.0
A security vulnerability has been detected in code-projects Invoice System in Laravel 1.0. This affects an unknown function. Such manipulation leads to cross-site request forgery. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
CVE-2026-7107 Apr 27, 2026
InvoiceSys Laravel 1.0 Unrestricted File Upload /company logo
A weakness has been identified in code-projects Invoice System in Laravel 1.0. The impacted element is an unknown function of the file /company. This manipulation of the argument logo causes unrestricted upload. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-7103 Apr 27, 2026
Chat System 1.0 MD5 Hash Handler Weak Hash Remote Vulnerability
A vulnerability was determined in code-projects Chat System 1.0. Affected is an unknown function of the file update_user.php of the component MD5 Hash Handler. This manipulation of the argument Password causes use of weak hash. The attack is possible to be carried out remotely. The attack's complexity is rated as high. The exploitability is told to be difficult. The exploit has been publicly disclosed and may be utilized.
Chat System
CVE-2026-7095 Apr 27, 2026
Employee Management System 1.0 XSS on ID param in 370project/edit.php
A vulnerability was identified in code-projects Employee Management System 1.0. This affects an unknown part of the file 370project/edit.php. The manipulation of the argument ID leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
CVE-2026-7093 Apr 27, 2026
code-projects Invoice System 1.0 Improper Auth via /invoice ID manipulation (remote)
A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
CVE-2026-7092 Apr 27, 2026
CVE-2026-7092 Laravel 1.0 Invoice Sys ID Taint Improper Auth
A vulnerability has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /profile/ of the component Profile Handler. Such manipulation of the argument ID leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-7091 Apr 27, 2026
Code-Projects Invoice System 1.0 Improper Auth in User Management Handler (CVE-2026-7091)
A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used.
CVE-2026-7090 Apr 27, 2026
Code-Projects Chat System 1.0 Remote XSS via msg arg in /admin/send_message.php
A vulnerability was detected in code-projects Chat System 1.0. This affects an unknown function of the file /admin/send_message.php of the component Chat Interface. The manipulation of the argument msg results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used.
Chat System
CVE-2026-7089 Apr 27, 2026
Home Service System 1.0 XSS via /booking.php fname/lname
A security vulnerability has been detected in code-projects Home Service System 1.0. The impacted element is an unknown function of the file /booking.php of the component Appointment Booking. The manipulation of the argument fname/lname leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
CVE-2026-7070 Apr 27, 2026
SQLi in code-projects IMS 1.0 Login remote
A weakness has been identified in code-projects Inventory Management System 1.0. Affected is an unknown function of the component Login. Executing a manipulation of the argument Username can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks.
Inventory Management System
CVE-2026-7063 Apr 26, 2026
CVE-2026-7063 | SQLi via pwd in Employee Management System 1.0 Endpoint
A vulnerability was detected in code-projects Employee Management System 1.0. This vulnerability affects unknown code of the file /370project/process/eprocess.php of the component Endpoint. Performing a manipulation of the argument pwd results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.
CVE-2026-6202 Apr 13, 2026
Easy Blog Site 1.0 PHP SQLi via tags in post.php
A security flaw has been discovered in code-projects Easy Blog Site 1.0. This affects an unknown function of the file post.php. Performing a manipulation of the argument tags results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
CVE-2026-6184 Apr 13, 2026
Code-Projects SimpleCMS 1.0 XSS via /web/admin/welcome.php
A weakness has been identified in code-projects Simple Content Management System 1.0. This affects an unknown part of the file /web/admin/welcome.php. Executing a manipulation of the argument News Title can lead to cross site scripting. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.
Content Management System
CVE-2026-6183 Apr 13, 2026
SQLi via ID Param in code-projects SCMS 1.0 /web/index.php
A security flaw has been discovered in code-projects Simple Content Management System 1.0. Affected by this issue is some unknown functionality of the file /web/index.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.
Content Management System
CVE-2026-6182 Apr 13, 2026
Simple CMS 1.0 SQL Injection in admin/login.php via User param
A vulnerability was identified in code-projects Simple Content Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /web/admin/login.php. Such manipulation of the argument User leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used.
Content Management System
CVE-2026-6167 Apr 13, 2026
Faculty Management System 1.0 remote SQL injection via /subject-print.php ID
A vulnerability was detected in code-projects Faculty Management System 1.0. Impacted is an unknown function of the file /subject-print.php. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.
CVE-2026-6166 Apr 13, 2026
SQL Injection in Vehicle Showroom Mgt Sys 1.0 (UpdateVehicleFunction.php)
A security vulnerability has been detected in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/UpdateVehicleFunction.php. The manipulation of the argument VEHICLE_ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
CVE-2026-6165 Apr 13, 2026
Vehicle Showroom Management System 1.0 SQLi via Login_check.ID Remote
A weakness has been identified in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/Login_check.php. Executing a manipulation of the argument ID can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-6164 Apr 13, 2026
SQLi in Lost & Found Thing Mgmt 1.0 /addcat.php (cata arg)
A security flaw has been discovered in code-projects Lost and Found Thing Management 1.0. This affects an unknown part of the file /addcat.php. Performing a manipulation of the argument cata results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
CVE-2026-6163 Apr 13, 2026
SQLi in Lost and Found Thing Mgmt 1.0 via /catageory.php remote
A vulnerability was identified in code-projects Lost and Found Thing Management 1.0. Affected by this issue is some unknown functionality of the file /catageory.php. Such manipulation of the argument cat leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
CVE-2026-6161 Apr 13, 2026
Simple ChatBox<1.0: Remote SQLi via /chatbox/insert.php Endpoint msg
A vulnerability was determined in code-projects Simple ChatBox up to 1.0. This affects an unknown part of the file /chatbox/insert.php of the component Endpoint. Executing a manipulation of the argument msg can lead to sql injection. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2026-6160 Apr 13, 2026
Simple ChatBox 1.0 Remote File/Dir Disclosure via Endpoint SimpleChatbox_PHP
A vulnerability was found in code-projects Simple ChatBox 1.0. Affected by this issue is the function SimpleChatbox_PHP of the file chatbox.sql of the component Endpoint. Performing a manipulation results in file and directory information exposure. It is possible to initiate the attack remotely. The exploit has been made public and could be used.
CVE-2026-6159 Apr 13, 2026
Simple ChatBox 1.0 XSS via /chatbox/insert.php msg param
A vulnerability has been found in code-projects Simple ChatBox up to 1.0. Affected by this vulnerability is an unknown functionality of the file /chatbox/insert.php of the component Endpoint. Such manipulation of the argument msg leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
CVE-2026-6153 Apr 13, 2026
Vehicle Showroom Management System 1.0 SQLi via StaffDetailsFunction.php
A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknown function of the file /util/StaffDetailsFunction.php. Such manipulation of the argument STAFF_ID leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.
CVE-2026-6152 Apr 13, 2026
Vehicle Showroom Mgmt Sys 1.0 SQLi via STAFF_ID in StaffAddingFunction.php
A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/StaffAddingFunction.php. This manipulation of the argument STAFF_ID causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2026-6151 Apr 13, 2026
Vehicle Showroom Mgmt Sys 1.0 SQLi via PaymentStatusFunction.php
A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. This vulnerability affects unknown code of the file /util/PaymentStatusFunction.php. The manipulation of the argument CUSTOMER_ID results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.
CVE-2026-6150 Apr 13, 2026
Simple Laundry System 1.0 - XSS via serviceId in /checkupdatestatus.php
A vulnerability has been found in code-projects Simple Laundry System 1.0. This affects an unknown part of the file /checkupdatestatus.php. The manipulation of the argument serviceId leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Simple Laundry System
CVE-2026-6149 Apr 13, 2026
Vehicle Showroom Mgmt System 1.0 php SQLi via BRANCH_ID
A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Affected by this issue is some unknown functionality of the file /util/BookVehicleFunction.php. Executing a manipulation of the argument BRANCH_ID can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used.
CVE-2026-6148 Apr 13, 2026
SQLi via MonthTotalReportUpdateFunction.php in Vehicle Showroom Mgmt System 1.0
A vulnerability was detected in code-projects Vehicle Showroom Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /util/MonthTotalReportUpdateFunction.php. Performing a manipulation of the argument BRANCH_ID results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.
CVE-2026-6038 Apr 10, 2026
SQLi in Vehicle Showroom Management System 1.0 via RegisterCustomerFunction.php
A vulnerability was identified in code-projects Vehicle Showroom Management System 1.0. This impacts an unknown function of the file /util/RegisterCustomerFunction.php. Such manipulation of the argument BRANCH_ID leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.
CVE-2026-6037 Apr 10, 2026
SQLi via BRANCH_ID in AddVehicleFunction.php of Vehicle Showroom Mgmt System 1.0
A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This affects an unknown function of the file /util/AddVehicleFunction.php. This manipulation of the argument BRANCH_ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2026-6036 Apr 10, 2026
SQLi in Vehicle Showroom System 1.0 via VehicleDetailsFunction.php
A vulnerability was found in code-projects Vehicle Showroom Management System 1.0. The impacted element is an unknown function of the file /util/VehicleDetailsFunction.php. The manipulation of the argument VEHICLE_ID results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.
CVE-2026-6035 Apr 10, 2026
XSS via BRANCH_ID in Vehicle Showroom System 1.0 ServiceAndSalesReport.php
A vulnerability has been found in code-projects Vehicle Showroom Management System 1.0. The affected element is an unknown function of the file /BranchManagement/ServiceAndSalesReport.php. The manipulation of the argument BRANCH_ID leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
CVE-2026-6034 Apr 10, 2026
Vehicle Showroom 1.0 XSS via BRANCH_ID in ProfitAndLossReport.php
A flaw has been found in code-projects Vehicle Showroom Management System 1.0. Impacted is an unknown function of the file /BranchManagement/ProfitAndLossReport.php. Executing a manipulation of the argument BRANCH_ID can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and may be used.
CVE-2026-6032 Apr 10, 2026
Simple Laundry System 1.0 remote XSS via serviceId in checkcheckout.php
A vulnerability was found in code-projects Simple Laundry System 1.0. This impacts an unknown function of the file /checkcheckout.php. Performing a manipulation of the argument serviceId results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
Simple Laundry System
CVE-2026-6031 Apr 10, 2026
SQLi in /add-category-function.php of Simple IT Discussion Forum 1.0
A vulnerability has been found in code-projects Simple IT Discussion Forum 1.0. This affects an unknown function of the file /add-category-function.php. Such manipulation of the argument Category leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).