Code Projects
By the Year
In 2025 there have been 3 vulnerabilities in Code Projects with an average score of 8.1 out of ten. Last year, in 2024, Code Projects had 108 security vulnerabilities published. Right now, Code Projects is on track to have fewer security vulnerabilities in 2025 than it did last year. Last year, the average CVE base score was greater by 0.38.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 3 | 8.13 |
2024 | 108 | 8.51 |
2023 | 35 | 7.40 |
2022 | 1 | 9.80 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Code Projects vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Code Projects Security Vulnerabilities
A vulnerability has been found in code-projects Local Storage Todo App 1.0 and classified as problematic
CVE-2025-0228
4.8 - Medium
- January 05, 2025
A vulnerability has been found in code-projects Local Storage Todo App 1.0 and classified as problematic. This vulnerability affects unknown code of the file /js-todo-app/index.html. The manipulation of the argument Add leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
XSS
A vulnerability, which was classified as critical, was found in code-projects Online Shoe Store 1.0
CVE-2025-0208
9.8 - Critical
- January 04, 2025
A vulnerability, which was classified as critical, was found in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /summary.php. The manipulation of the argument tid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability, which was classified as critical, has been found in code-projects Online Shoe Store 1.0
CVE-2025-0207
9.8 - Critical
- January 04, 2025
A vulnerability, which was classified as critical, has been found in code-projects Online Shoe Store 1.0. Affected by this issue is some unknown functionality of the file /function/login.php. The manipulation of the argument password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
Chat System SQL Injection Vulnerability in User Update Functionality
CVE-2024-13035
9.8 - Critical
- December 30, 2024
A vulnerability has been found in code-projects Chat System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/update_user.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
Chat System 1.0: Cross-Site Scripting (XSS) in update_user.php
CVE-2024-13034
7.6 - High
- December 30, 2024
A vulnerability, which was classified as problematic, was found in code-projects Chat System 1.0. This affects an unknown part of the file /admin/update_user.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
XSS
Cross-Site Scripting (XSS) Vulnerability in Chat System Admin Chatroom
CVE-2024-13033
6.1 - Medium
- December 30, 2024
A vulnerability, which was classified as problematic, has been found in code-projects Chat System 1.0. Affected by this issue is some unknown functionality of the file /admin/chatroom.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
XSS
Simple Admin Panel catDeleteController.php SQL Injection Vulnerability
CVE-2024-12936
- December 26, 2024
A vulnerability, which was classified as critical, has been found in code-projects Simple Admin Panel 1.0. This issue affects some unknown processing of the file catDeleteController.php. The manipulation of the argument record leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
Simple Admin Panel SQL Injection Vulnerability in editItemForm.php
CVE-2024-12935
- December 26, 2024
A vulnerability classified as critical was found in code-projects Simple Admin Panel 1.0. This vulnerability affects unknown code of the file editItemForm.php. The manipulation of the argument record leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
SQL Injection Vulnerability in Simple Admin Panel updateItemController.php
CVE-2024-12934
- December 26, 2024
A vulnerability classified as critical has been found in code-projects Simple Admin Panel 1.0. This affects an unknown part of the file updateItemController.php. The manipulation of the argument p_desk leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
Simple Admin Panel: Cross-Site Scripting in updateItemController.php
CVE-2024-12933
- December 26, 2024
A vulnerability was found in code-projects Simple Admin Panel 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file updateItemController.php. The manipulation of the argument p_name/p_desc leads to cross site scripting. The attack may be launched remotely.
XSS
Simple Admin Panel: Cross-Site Scripting in addSizeController.php
CVE-2024-12932
- December 26, 2024
A vulnerability was found in code-projects Simple Admin Panel 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file addSizeController.php. The manipulation of the argument size leads to cross site scripting. The attack can be launched remotely.
XSS
SQL Injection Vulnerability in Simple Admin Panel addCatController.php
CVE-2024-12931
- December 26, 2024
A vulnerability was found in code-projects Simple Admin Panel 1.0. It has been classified as critical. Affected is an unknown function of the file /addCatController.php. The manipulation of the argument size leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
SQL Injection Vulnerability in Simple Admin Panel
CVE-2024-12928
- December 26, 2024
A vulnerability, which was classified as critical, was found in code-projects Simple Admin Panel 1.0. This affects an unknown part. The manipulation of the argument c_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
Admin Dashboard Cross-Site Scripting Vulnerability in Vendor Management
CVE-2024-12359
5.4 - Medium
- December 09, 2024
A vulnerability was found in code-projects Admin Dashboard 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /vendor_management.php. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting product names.
XSS
Hotel Management System: Stack-Based Buffer Overflow in Available Room Handler
CVE-2024-12186
7.8 - High
- December 05, 2024
A vulnerability was found in code-projects Hotel Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file hotelnew.c of the component Available Room Handler. The manipulation of the argument admin_entry leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
Memory Corruption
Hotel Management System: Stack-Based Buffer Overflow in Administrator Login Password Handler
CVE-2024-12185
7.8 - High
- December 05, 2024
A vulnerability has been found in code-projects Hotel Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the component Administrator Login Password Handler. The manipulation of the argument Str2 leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.
Memory Corruption
Farmacia SQL Injection Vulnerability in Product Visualization
CVE-2024-12007
9.8 - Critical
- December 01, 2024
A vulnerability, which was classified as critical, was found in code-projects Farmacia 1.0. This affects an unknown part of the file /visualizar-produto.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
Blood Bank System: Cross-Site Scripting in Setting Handler
CVE-2024-12000
5.4 - Medium
- November 30, 2024
A vulnerability was found in code-projects Blood Bank System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /controllers/updatesettings.php of the component Setting Handler. The manipulation of the argument firstname leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
XSS
Crud Operation System: Cross-Site Scripting (XSS) Vulnerability in add.php
CVE-2024-11820
5.4 - Medium
- November 27, 2024
A vulnerability, which was classified as problematic, has been found in code-projects Crud Operation System 1.0. This issue affects some unknown processing of the file /add.php. The manipulation of the argument saddress leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
XSS
Farmacia 1.0: Cross-Site Scripting (XSS) Vulnerability in fornecedores.php
CVE-2024-11259
6.1 - Medium
- November 15, 2024
A vulnerability, which was classified as problematic, has been found in code-projects Farmacia 1.0. This issue affects some unknown processing of the file /fornecedores.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
XSS
A vulnerability was found in code-projects Inventory Management up to 1.0
CVE-2024-11250
9.8 - Critical
- November 15, 2024
A vulnerability was found in code-projects Inventory Management up to 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /model/editProduct.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability classified as problematic has been found in code-projects Online Shop Store 1.0
CVE-2024-11243
6.1 - Medium
- November 15, 2024
A vulnerability classified as problematic has been found in code-projects Online Shop Store 1.0. This affects an unknown part of the file /signup.php. The manipulation of the argument m2 with the input <svg%20onload=alert(document.cookie)> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
XSS
Critical SQL Injection Vulnerability in Task Manager 1.0's Project Name Parameter
CVE-2024-11096
6.5 - Medium
- November 12, 2024
A vulnerability, which was classified as critical, was found in code-projects Task Manager 1.0. This affects an unknown part of the file /newProject.php. The manipulation of the argument projectName leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
Critical SQL Injection Vulnerability in AnirbanDutta9 CMS and News-Buzz v1.0 via 'user_name' Paramet
CVE-2024-10758
9.8 - Critical
- November 04, 2024
A vulnerability, which was classified as critical, was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument user_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names.
SQL Injection
A vulnerability was found in code-projects Pharmacy Management System 1.0
CVE-2024-10199
4.8 - Medium
- October 21, 2024
A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /manage_medicine.php of the component Manage Medicines Page. The manipulation of the argument name/address/doctor_address/suppliers_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting files to be affected.
XSS
A vulnerability was found in code-projects Pharmacy Management System 1.0
CVE-2024-10198
4.8 - Medium
- October 21, 2024
A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /manage_customer.php of the component Manage Customer Page. The manipulation of the argument suppliers_name/address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting files to be affected. Other parameters might be affected as well.
XSS
A vulnerability was found in code-projects Pharmacy Management System 1.0
CVE-2024-10197
4.8 - Medium
- October 21, 2024
A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /manage_supplier.php of the component Manage Supplier Page. The manipulation of the argument address leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
XSS
A vulnerability was found in code-projects Pharmacy Management System 1.0 and classified as critical
CVE-2024-10196
9.8 - Critical
- October 21, 2024
A vulnerability was found in code-projects Pharmacy Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /add_new_invoice.php. The manipulation of the argument text leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability, which was classified as critical, was found in code-projects Blood Bank System up to 1.0
CVE-2024-10171
4.9 - Medium
- October 20, 2024
A vulnerability, which was classified as critical, was found in code-projects Blood Bank System up to 1.0. Affected is an unknown function of the file /admin/massage.php. The manipulation of the argument bid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability has been found in code-projects Blood Bank System 1.0 and classified as problematic
CVE-2024-10142
5.4 - Medium
- October 19, 2024
A vulnerability has been found in code-projects Blood Bank System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /viewrequest.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
XSS
A vulnerability, which was classified as critical, has been found in code-projects Pharmacy Management System 1.0
CVE-2024-10140
9.8 - Critical
- October 19, 2024
A vulnerability, which was classified as critical, has been found in code-projects Pharmacy Management System 1.0. Affected by this issue is some unknown functionality of the file /manage_supplier.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability classified as critical was found in code-projects Pharmacy Management System 1.0
CVE-2024-10139
9.8 - Critical
- October 19, 2024
A vulnerability classified as critical was found in code-projects Pharmacy Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add_new_supplier.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0
CVE-2024-10138
9.8 - Critical
- October 19, 2024
A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. Affected is an unknown function of the file /add_new_purchase.php?action=is_supplier. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability was found in code-projects Pharmacy Management System 1.0
CVE-2024-10137
9.8 - Critical
- October 19, 2024
A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /manage_medicine.php?action=delete. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability was found in code-projects Pharmacy Management System 1.0
CVE-2024-10136
9.8 - Critical
- October 19, 2024
A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /manage_invoice.php. The manipulation of the argument invoice_number leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability, which was classified as critical, has been found in code-projects Pharmacy Management System 1.0
CVE-2024-10024
8.8 - High
- October 16, 2024
A vulnerability, which was classified as critical, has been found in code-projects Pharmacy Management System 1.0. This issue affects some unknown processing of the file /php/manage_medicine_stock.php. The manipulation of the argument name/packing/generic_name/suppliers_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability classified as critical was found in code-projects Pharmacy Management System 1.0
CVE-2024-10023
8.8 - High
- October 16, 2024
A vulnerability classified as critical was found in code-projects Pharmacy Management System 1.0. This vulnerability affects unknown code of the file /php/add_new_medicine.php. The manipulation of the argument name/packing/generic_name/suppliers_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0
CVE-2024-10022
9.8 - Critical
- October 16, 2024
A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. This affects an unknown part of the file /php/manage_supplier.php?action=search. The manipulation of the argument text leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability was found in code-projects Pharmacy Management System 1.0
CVE-2024-10021
9.8 - Critical
- October 16, 2024
A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /php/manage_purchase.php?action=search&tag=VOUCHER_NUMBER. The manipulation of the argument text leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0
CVE-2024-9976
9.8 - Critical
- October 15, 2024
A vulnerability classified as critical has been found in code-projects Pharmacy Management System 1.0. This affects an unknown part of the file /php/manage_customer.php?action=search. The manipulation of the argument text leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability classified as critical was found in code-projects Crud Operation System 1.0
CVE-2024-9812
9.8 - Critical
- October 10, 2024
A vulnerability classified as critical was found in code-projects Crud Operation System 1.0. This vulnerability affects unknown code of the file delete.php. The manipulation of the argument sid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability classified as critical has been found in code-projects Restaurant Reservation System 1.0
CVE-2024-9811
9.8 - Critical
- October 10, 2024
A vulnerability classified as critical has been found in code-projects Restaurant Reservation System 1.0. This affects an unknown part of the file filter3.php. The manipulation of the argument company leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability was found in code-projects Blood Bank System 1.0
CVE-2024-9805
5.4 - Medium
- October 10, 2024
A vulnerability was found in code-projects Blood Bank System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/campsdetails.php. The manipulation of the argument hospital/address/city/contact leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "hospital".
XSS
A vulnerability was found in code-projects Blood Bank System 1.0
CVE-2024-9804
4.9 - Medium
- October 10, 2024
A vulnerability was found in code-projects Blood Bank System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/campsdetails.php. The manipulation of the argument hospital leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
SQL Injection
A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0
CVE-2024-9797
7.5 - High
- October 10, 2024
A vulnerability, which was classified as critical, was found in code-projects Blood Bank System 1.0. Affected is an unknown function of the file register.php. The manipulation of the argument user leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability was found in code-projects Blood Bank Management System 1.0
CVE-2024-9803
5.4 - Medium
- October 10, 2024
A vulnerability was found in code-projects Blood Bank Management System 1.0. It has been classified as problematic. This affects an unknown part of the file blooddetails.php. The manipulation of the argument Availibility leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
XSS
A vulnerability has been found in code-projects Restaurant Reservation System 1.0 and classified as critical
CVE-2024-9429
9.8 - Critical
- October 02, 2024
A vulnerability has been found in code-projects Restaurant Reservation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /filter2.php. The manipulation of the argument from/to leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "from" to be affected. But it must be assumed that parameter "to" is affected as well.
SQL Injection
A vulnerability was found in code-projects Restaurant Reservation System 1.0
CVE-2024-9360
9.8 - Critical
- October 01, 2024
A vulnerability was found in code-projects Restaurant Reservation System 1.0. It has been classified as critical. This affects an unknown part of the file /updatebal.php. The manipulation of the argument company leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability was found in code-projects Restaurant Reservation System 1.0 and classified as critical
CVE-2024-9359
9.8 - Critical
- October 01, 2024
A vulnerability was found in code-projects Restaurant Reservation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /addcompany.php. The manipulation of the argument company leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability was found in code-projects Blood Bank System 1.0
CVE-2024-9327
9.8 - Critical
- September 29, 2024
A vulnerability was found in code-projects Blood Bank System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /forgot.php. The manipulation of the argument useremail leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability classified as critical has been found in code-projects Blood Bank Management System 1.0
CVE-2024-9316
7.5 - High
- September 28, 2024
A vulnerability classified as critical has been found in code-projects Blood Bank Management System 1.0. Affected is an unknown function of the file /admin/blood/update/B+.php. The manipulation of the argument Bloodname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability classified as critical was found in code-projects Blood Bank System 1.0
CVE-2024-9094
9.8 - Critical
- September 23, 2024
A vulnerability classified as critical was found in code-projects Blood Bank System 1.0. This vulnerability affects unknown code of the file /admin/blood/update/o-.php. The manipulation of the argument bloodname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability was found in code-projects Student Record System 1.0
CVE-2024-9091
9.8 - Critical
- September 23, 2024
A vulnerability was found in code-projects Student Record System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument regno leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability classified as critical has been found in code-projects Restaurant Reservation System 1.0
CVE-2024-9086
9.8 - Critical
- September 22, 2024
A vulnerability classified as critical has been found in code-projects Restaurant Reservation System 1.0. Affected is an unknown function of the file /filter.php. The manipulation of the argument from/to leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "from" to be affected. But it must be assumed that parameter "to" is affected as well.
SQL Injection
A vulnerability classified as problematic was found in code-projects Blood Bank System 1.0
CVE-2024-9084
5.4 - Medium
- September 22, 2024
A vulnerability classified as problematic was found in code-projects Blood Bank System 1.0. This vulnerability affects unknown code of the file bbms.php. The manipulation of the argument fullname/age/bloodgroup/city/phno/gender as part of String leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
XSS
A vulnerability was found in code-projects Restaurant Reservation System 1.0
CVE-2024-9085
9.8 - Critical
- September 22, 2024
A vulnerability was found in code-projects Restaurant Reservation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file index.php. The manipulation of the argument date leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions sid as affected parameter which is incorrect.
SQL Injection
A vulnerability was found in code-projects Student Record System 1.0
CVE-2024-9080
9.8 - Critical
- September 22, 2024
A vulnerability was found in code-projects Student Record System 1.0. It has been classified as critical. Affected is an unknown function of the file /pincode-verification.php. The manipulation of the argument pincode leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability was found in code-projects Student Record System 1.0 and classified as critical
CVE-2024-9079
9.8 - Critical
- September 22, 2024
A vulnerability was found in code-projects Student Record System 1.0 and classified as critical. This issue affects some unknown processing of the file /marks.php. The manipulation of the argument coursename leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability has been found in code-projects Student Record System 1.0 and classified as critical
CVE-2024-9078
9.8 - Critical
- September 22, 2024
A vulnerability has been found in code-projects Student Record System 1.0 and classified as critical. This vulnerability affects unknown code of the file /course.php. The manipulation of the argument coursename leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability, which was classified as problematic, was found in code-projects Blood Bank Management System 1.0
CVE-2024-9040
5.5 - Medium
- September 20, 2024
A vulnerability, which was classified as problematic, was found in code-projects Blood Bank Management System 1.0. This affects an unknown part of the component Password Handler. The manipulation leads to cleartext storage in a file or on disk. An attack has to be approached locally.
Cleartext Storage of Sensitive Information
A vulnerability, which was classified as critical, was found in code-projects Crud Operation System 1.0
CVE-2024-9011
9.8 - Critical
- September 20, 2024
A vulnerability, which was classified as critical, was found in code-projects Crud Operation System 1.0. Affected is an unknown function of the file updata.php. The manipulation of the argument sid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability was found in code-projects Crud Operation System 1.0
CVE-2024-8868
9.8 - Critical
- September 15, 2024
A vulnerability was found in code-projects Crud Operation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file savedata.php. The manipulation of the argument sname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability was found in code-projects Crud Operation System 1.0
CVE-2024-8762
9.8 - Critical
- September 13, 2024
A vulnerability was found in code-projects Crud Operation System 1.0. It has been classified as critical. This affects an unknown part of the file /updatedata.php. The manipulation of the argument sid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability classified as critical was found in code-projects Inventory Management 1.0
CVE-2024-8710
8.8 - High
- September 12, 2024
A vulnerability classified as critical was found in code-projects Inventory Management 1.0. Affected by this vulnerability is an unknown functionality of the file /model/viewProduct.php of the component Products Table Page. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability classified as problematic was found in code-projects Inventory Management 1.0
CVE-2024-8605
5.4 - Medium
- September 09, 2024
A vulnerability classified as problematic was found in code-projects Inventory Management 1.0. This vulnerability affects unknown code of the file /view/registration.php of the component Registration Form. The manipulation with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
XSS
A vulnerability was found in code-projects Pharmacy Management System 1.0
CVE-2024-8366
4.7 - Medium
- August 31, 2024
A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?id=userProfileEdit of the component Update My Profile Page. The manipulation of the argument fname/lname/email with the input <script>alert(1)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
XSS
A vulnerability was found in code-projects Simple Ticket Booking 1.0
CVE-2024-7636
9.8 - Critical
- August 12, 2024
A vulnerability was found in code-projects Simple Ticket Booking 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file authenticate.php of the component Login. The manipulation of the argument email/password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability was found in code-projects Simple Ticket Booking 1.0
CVE-2024-7635
9.8 - Critical
- August 12, 2024
A vulnerability was found in code-projects Simple Ticket Booking 1.0. It has been classified as critical. Affected is an unknown function of the file register_insert.php of the component Registration Handler. The manipulation of the argument name/email/dob/password/Gender/phone leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability was found in itsourcecode Simple Task List 1.0
CVE-2024-6808
9.8 - Critical
- July 17, 2024
A vulnerability was found in itsourcecode Simple Task List 1.0. It has been classified as critical. This affects the function insertUserRecord of the file signUp.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271707.
SQL Injection
A vulnerability classified as critical has been found in code-projects Simple Ticket Booking 1.0
CVE-2024-6745
9.8 - Critical
- July 15, 2024
A vulnerability classified as critical has been found in code-projects Simple Ticket Booking 1.0. Affected is an unknown function of the file adminauthenticate.php of the component Login. The manipulation of the argument email/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271476.
SQL Injection
A vulnerability was found in code-projects Library System 1.0
CVE-2024-1830
9.8 - Critical
- February 23, 2024
A vulnerability was found in code-projects Library System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file Source/librarian/user/student/lost-password.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-254618 is the identifier assigned to this vulnerability.
SQL Injection
A vulnerability was found in code-projects Library System 1.0
CVE-2024-1829
9.8 - Critical
- February 23, 2024
A vulnerability was found in code-projects Library System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file Source/librarian/user/student/registration.php. The manipulation of the argument email/regno/phone/username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254617 was assigned to this vulnerability.
SQL Injection
A vulnerability was found in code-projects Library System 1.0
CVE-2024-1828
9.8 - Critical
- February 23, 2024
A vulnerability was found in code-projects Library System 1.0. It has been classified as critical. Affected is an unknown function of the file Source/librarian/user/teacher/registration.php. The manipulation of the argument email/idno/phone/username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254616.
SQL Injection
A vulnerability was found in code-projects Library System 1.0 and classified as critical
CVE-2024-1827
9.8 - Critical
- February 23, 2024
A vulnerability was found in code-projects Library System 1.0 and classified as critical. This issue affects some unknown processing of the file Source/librarian/user/teacher/login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254615.
SQL Injection
A vulnerability has been found in code-projects Library System 1.0 and classified as critical
CVE-2024-1826
9.8 - Critical
- February 23, 2024
A vulnerability has been found in code-projects Library System 1.0 and classified as critical. This vulnerability affects unknown code of the file Source/librarian/user/student/login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-254614 is the identifier assigned to this vulnerability.
SQL Injection
A vulnerability was found in code-projects Crime Reporting System 1.0
CVE-2024-1821
8.8 - High
- February 23, 2024
A vulnerability was found in code-projects Crime Reporting System 1.0. It has been rated as critical. This issue affects some unknown processing of the file police_add.php. The manipulation of the argument police_name/police_id/police_spec/password leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-254609 was assigned to this vulnerability.
SQL Injection
A vulnerability was found in code-projects Crime Reporting System 1.0
CVE-2024-1820
9.8 - Critical
- February 23, 2024
A vulnerability was found in code-projects Crime Reporting System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file inchargelogin.php. The manipulation of the argument email/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254608.
SQL Injection
A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0
CVE-2024-25226
6.1 - Medium
- February 14, 2024
A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter under the Add Category function.
XSS
A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0
CVE-2024-25225
5.4 - Medium
- February 14, 2024
A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter under the Add Category function.
XSS
A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0
CVE-2024-25224
5.4 - Medium
- February 14, 2024
A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Size Number parameter under the Add Size function.
XSS
Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability
CVE-2024-25223
9.8 - Critical
- February 14, 2024
Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID parameter at /adminView/viewEachOrder.php.
SQL Injection
Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "School/delete.php?id=5"
CVE-2024-25310
8.8 - High
- February 09, 2024
Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "School/delete.php?id=5."
SQL Injection
Code-projects Cinema Seat Reservation System 1.0 allows SQL Injection via the 'id' parameter at "/Cinema-Reservation/booking.php?id=1"
CVE-2024-25307
9.8 - Critical
- February 09, 2024
Code-projects Cinema Seat Reservation System 1.0 allows SQL Injection via the 'id' parameter at "/Cinema-Reservation/booking.php?id=1."
SQL Injection
Code-projects Simple School Managment System 1.0
CVE-2024-25313
8.8 - High
- February 09, 2024
Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at School/teacher_login.php.
Authentication
Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "School/sub_delete.php?id=5"
CVE-2024-25312
8.8 - High
- February 09, 2024
Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "School/sub_delete.php?id=5."
SQL Injection
Code-projects Simple School Managment System 1.0
CVE-2024-25309
8.8 - High
- February 09, 2024
Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'pass' parameter at School/teacher_login.php.
SQL Injection
Code-projects Simple School Managment System 1.0
CVE-2024-25308
8.8 - High
- February 09, 2024
Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'name' parameter at School/teacher_login.php.
SQL Injection
Code-projects Simple School Managment System 1.0
CVE-2024-25306
8.8 - High
- February 09, 2024
Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'aname' parameter at "School/index.php".
SQL Injection
Code-projects Simple School Managment System 1.0
CVE-2024-25305
8.8 - High
- February 09, 2024
Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at School/index.php.
SQL Injection
Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'apass' parameter at "School/index.php"
CVE-2024-25304
8.8 - High
- February 09, 2024
Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'apass' parameter at "School/index.php."
SQL Injection
A vulnerability was found in code-projects Social Networking Site 1.0 and classified as problematic
CVE-2024-0722
5.4 - Medium
- January 19, 2024
A vulnerability was found in code-projects Social Networking Site 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file message.php of the component Message Page. The manipulation of the argument Story leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251546 is the identifier assigned to this vulnerability.
XSS
A vulnerability was found in code-projects Fighting Cock Information System 1.0
CVE-2024-0489
9.8 - Critical
- January 13, 2024
A vulnerability was found in code-projects Fighting Cock Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/action/edit_chicken.php. The manipulation of the argument ref leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250594 is the identifier assigned to this vulnerability.
SQL Injection
A vulnerability was found in code-projects Fighting Cock Information System 1.0
CVE-2024-0488
9.8 - Critical
- January 13, 2024
A vulnerability was found in code-projects Fighting Cock Information System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/action/new-feed.php. The manipulation of the argument type_feed leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250593 was assigned to this vulnerability.
SQL Injection
A vulnerability was found in code-projects Fighting Cock Information System 1.0 and classified as critical
CVE-2024-0487
9.8 - Critical
- January 13, 2024
A vulnerability was found in code-projects Fighting Cock Information System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/action/delete-vaccine.php. The manipulation of the argument ref leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250592.
SQL Injection
A vulnerability has been found in code-projects Fighting Cock Information System 1.0 and classified as critical
CVE-2024-0486
9.8 - Critical
- January 13, 2024
A vulnerability has been found in code-projects Fighting Cock Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/action/add_con.php. The manipulation of the argument chicken leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250591.
SQL Injection
A vulnerability, which was classified as critical, was found in code-projects Fighting Cock Information System 1.0
CVE-2024-0485
9.8 - Critical
- January 13, 2024
A vulnerability, which was classified as critical, was found in code-projects Fighting Cock Information System 1.0. Affected is an unknown function of the file admin/pages/tables/add_con.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250590 is the identifier assigned to this vulnerability.
SQL Injection
A vulnerability, which was classified as critical, has been found in code-projects Fighting Cock Information System 1.0
CVE-2024-0484
9.8 - Critical
- January 13, 2024
A vulnerability, which was classified as critical, has been found in code-projects Fighting Cock Information System 1.0. This issue affects some unknown processing of the file admin/action/update_mother.php. The manipulation of the argument age_mother leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250589 was assigned to this vulnerability.
SQL Injection
A vulnerability was found in code-projects Fighting Cock Information System 1.0 and classified as critical
CVE-2024-0478
9.8 - Critical
- January 13, 2024
A vulnerability was found in code-projects Fighting Cock Information System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/pages/edit_chicken.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250583.
SQL Injection
A vulnerability has been found in code-projects Fighting Cock Information System 1.0 and classified as critical
CVE-2024-0477
9.8 - Critical
- January 13, 2024
A vulnerability has been found in code-projects Fighting Cock Information System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/action/update-deworm.php. The manipulation of the argument usage_deworm leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250582 is the identifier assigned to this vulnerability.
SQL Injection
A vulnerability, which was classified as critical, has been found in code-projects Dormitory Management System 1.0
CVE-2024-0475
9.8 - Critical
- January 13, 2024
A vulnerability, which was classified as critical, has been found in code-projects Dormitory Management System 1.0. Affected by this issue is some unknown functionality of the file modifyuser.php. The manipulation of the argument user_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250580.
SQL Injection