Codezips
Products by Codezips Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2026 there have been 0 vulnerabilities in Codezips. Last year, in 2025, Codezips had 23 security vulnerabilities published. Right now, Codezips is on track to have fewer security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 23 | 9.45 |
| 2024 | 52 | 9.58 |
It may take a day or so for new Codezips vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Codezips Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2025-29208 | Apr 01, 2025 | **CodeZips Gym Management Sys v1.0: SQLi in deleteroutine.php 'name'** CodeZips Gym Management System v1.0 is vulnerable to SQL injection in the name parameter within /dashboard/admin/deleteroutine.php. | |
| CVE-2025-2847 | Mar 27, 2025 | **Critical SQLi in Codezips Gym Management System 1.0 via over_month.php mm** A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. This issue affects some unknown processing of the file /dashboard/admin/over_month.php. The manipulation of the argument mm leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-2664 | Mar 23, 2025 | **SQLi in /suadpeted.php of CodeZips HMS 1.0** A vulnerability was found in CodeZips Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /suadpeted.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-1959 | Mar 04, 2025 | **Codezips Gym Management System 1.0 - /change_s_pwd.php Arbitrary SQLi** A vulnerability, which was classified as critical, was found in Codezips Gym Management System 1.0. Affected is an unknown function of the file /change_s_pwd.php. The manipulation of the argument login_id/login_key leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-1903 | Mar 04, 2025 | **Critical SQLi in Codezips OSW 1.0 via /cart_add.php (id)** A vulnerability was found in Codezips Online Shopping Website 1.0. It has been rated as critical. This issue affects some unknown processing of the file /cart_add.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-1858 | Mar 03, 2025 | **Codezips Online Shopping 1.0 SQLi in /success.php (id) remote** A vulnerability classified as critical was found in Codezips Online Shopping Website 1.0. This vulnerability affects unknown code of the file /success.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-1856 | Mar 03, 2025 | **Codezips Gym Mgmt Sys 1.0 SQLi in gen_invoice.php ID** A vulnerability was found in Codezips Gym Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /dashboard/admin/gen_invoice.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-1854 | Mar 03, 2025 | **Codezips GymMgmt 1.0 Remote SQLi via admin/del_member.php (CVE-2025-1854)** A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /dashboard/admin/del_member.php. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-1850 | Mar 03, 2025 | **Critical SQLi in Codezips College Mgmt Sys 1.0 via university.php book_name** A vulnerability, which was classified as critical, has been found in Codezips College Management System 1.0. Affected by this issue is some unknown functionality of the file /university.php. The manipulation of the argument book_name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-1380 | Feb 17, 2025 | **Codezips Gym Management System 1.0 - /dashboard/admin/del_plan.php SQLi Remote** A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /dashboard/admin/del_plan.php. The manipulation of the argument name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-1206 | Feb 12, 2025 | **Codezips Gym 1.0 Remote SQLi in /dashboard/admin/viewdetailroutine.php** A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. This affects an unknown part of the file /dashboard/admin/viewdetailroutine.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-1188 | Feb 12, 2025 | **SQLi via tid in updateroutine.php of Codezips Gym Management System 1.0** A vulnerability, which was classified as critical, has been found in Codezips Gym Management System 1.0. Affected by this issue is some unknown functionality of the file /dashboard/admin/updateroutine.php. The manipulation of the argument tid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-1183 | Feb 12, 2025 | **CodeZips Gym Mgt Sys 1.0 - Remote SQLi via login_id in more-userprofile.php** A vulnerability has been found in CodeZips Gym Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard/admin/more-userprofile.php. The manipulation of the argument login_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-0881 | Jan 30, 2025 | **Codezips Gym 1.0: SQLi via /dashboard/admin/saveroutine.php rname** A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /dashboard/admin/saveroutine.php. The manipulation of the argument rname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-0880 | Jan 30, 2025 | **Codezips Gym Mgt Sys 1.0: Critical SQLi in /dashboard/admin/updateplan.php** A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dashboard/admin/updateplan.php. The manipulation of the argument planid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-0562 | Jan 19, 2025 | **SQLi in Codezips GymMgmt 1.0 admin/health_status_entry.php (critical)** A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dashboard/admin/health_status_entry.php. The manipulation of the argument usrid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-0541 | Jan 17, 2025 | **Codezips Gym Management System 1.0 SQLi in /dashboard/admin/edit_member.php** A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dashboard/admin/edit_member.php. The manipulation of the argument name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |
| CVE-2025-0535 | Jan 17, 2025 | **Codezips Gym Management 1.0 SQLi via uid in edit_mem_submit.php** A vulnerability classified as critical has been found in Codezips Gym Management System 1.0. This affects an unknown part of the file /dashboard/admin/edit_mem_submit.php. The manipulation of the argument uid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-0532 | Jan 17, 2025 | **Codezips Gym Management Sys 1.0 SQLi via m_id (admin/new_submit.php)** A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /dashboard/admin/new_submit.php. The manipulation of the argument m_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-0336 | Jan 09, 2025 | **Codezips PMS 1.0 SQLi via /pages/forms/teacher.php (CRITICAL)** A vulnerability was found in Codezips Project Management System 1.0. It has been classified as critical. This affects an unknown part of the file /pages/forms/teacher.php. The manipulation of the argument name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-0233 | Jan 05, 2025 | **Codezips PMS 1.0 SQLi via /pages/forms/course.php** A vulnerability was found in Codezips Project Management System 1.0. It has been classified as critical. This affects an unknown part of the file /pages/forms/course.php. The manipulation of the argument course_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-0231 | Jan 05, 2025 | **Codezips Gym Management System 1.0 SQLi via m_id in submit_payments.php** A vulnerability has been found in Codezips Gym Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard/admin/submit_payments.php. The manipulation of the argument m_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-0232 | Jan 05, 2025 | **Codezips Blood Bank Mgt Sys 1.0: SQLi via psw in /successadmin.php critical** A vulnerability was found in Codezips Blood Bank Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /successadmin.php. The manipulation of the argument psw leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2024-13025 | Dec 29, 2024 | **Codezips College Management System SQL Injection Vulnerability in faculty.php** A vulnerability was found in Codezips College Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /Front-end/faculty.php. The manipulation of the argument book_name/book_author leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2024-13024 | Dec 29, 2024 | **Codezips Blood Bank Management System SQL Injection Vulnerability in campaign.php** A vulnerability was found in Codezips Blood Bank Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /campaign.php. The manipulation of the argument cname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |
| CVE-2024-13007 | Dec 29, 2024 | **Codezips Event Management System SQL Injection Vulnerability in contact.php** A vulnerability, which was classified as critical, was found in Codezips Event Management System 1.0. Affected is an unknown function of the file /contact.php. The manipulation of the argument title leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2024-12947 | Dec 26, 2024 | **Codezips Hospital Management System 1.0: Remote SQLi via /invo.php (dname)** A vulnerability was found in Codezips Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /invo.php. The manipulation of the argument dname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |
| CVE-2024-12926 | Dec 25, 2024 | **Codezips Project Management System SQL Injection Vulnerability in Advanced Form Handling** A vulnerability classified as critical was found in Codezips Project Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/forms/advanced.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |
| CVE-2024-12884 | Dec 21, 2024 | **Codezips E-Commerce Website SQL Injection Vulnerability in login.php** A vulnerability was found in Codezips E-Commerce Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2024-12791 | Dec 19, 2024 | **Codezips E-Com 1.0: Remote SQLi in signin.php via email** A vulnerability was found in Codezips E-Commerce Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file signin.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2024-12792 | Dec 19, 2024 | **Codezips E-Commerce 1.0 SQLi via newadmin.php email argument (remote)** A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file newadmin.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2024-12794 | Dec 19, 2024 | **Codezips E-Commerce Site SQL Injection Vulnerability in editorder.php** A vulnerability, which was classified as critical, was found in Codezips E-Commerce Site 1.0. This affects an unknown part of the file /admin/editorder.php. The manipulation of the argument dstatus/quantity/ddate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2024-12788 | Dec 19, 2024 | **Codezips TDForum 1.0 signinpost.php SQLi via username** A vulnerability was found in Codezips Technical Discussion Forum 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file signinpost.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2024-12484 | Dec 12, 2024 | **SQLi via Username in /signuppost.php Codezips TD Forum 1.0** A vulnerability classified as critical was found in Codezips Technical Discussion Forum 1.0. This vulnerability affects unknown code of the file /signuppost.php. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |
| CVE-2024-12231 | Dec 05, 2024 | **CodeZips PMS 1.0: SQLi via email in index.php (critical)** A vulnerability, which was classified as critical, was found in CodeZips Project Management System 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2024-11663 | Nov 25, 2024 | **Codezips E-Commerce Site SQL Injection Vulnerability in search.php** A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file search.php. The manipulation of the argument keywords leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2024-11661 | Nov 25, 2024 | **Codezips Free Exam Hall Seating Management System: Unrestricted File Upload in Profile Image Handler** A vulnerability was found in Codezips Free Exam Hall Seating Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file profile.php of the component Profile Image Handler. The manipulation of the argument image leads to unrestricted upload. The attack can be initiated remotely. The researcher submit confuses the vulnerability class of this issue. | |
| CVE-2024-11057 | Nov 10, 2024 | **Codezips Hospital SQL Injection via ID/Name** A vulnerability has been found in Codezips Hospital Appointment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /removeBranchResult.php. The manipulation of the argument ID/Name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2024-10995 | Nov 08, 2024 | **Codezips Hospital SQL Injection via Name - November 2024** A vulnerability was found in Codezips Hospital Appointment System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /removeDoctorResult.php. The manipulation of the argument Name leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2024-10993 | Nov 08, 2024 | **Codezips OIMS 1.0: Unrestricted File Upload** A vulnerability, which was classified as critical, was found in Codezips Online Institute Management System 1.0. Affected is an unknown function of the file /manage_website.php. The manipulation of the argument website_image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2024-10994 | Nov 08, 2024 | **Codezips OIMS 1.0: Unrestricted File Upload in edit_user.php** A vulnerability has been found in Codezips Online Institute Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /edit_user.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2024-10991 | Nov 08, 2024 | **Codezips Hospital SQL Injection via ID - November 2024** A vulnerability, which was classified as critical, has been found in Codezips Hospital Appointment System 1.0. This issue affects some unknown processing of the file /editBranchResult.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2024-10791 | Nov 04, 2024 | **Codezips Hospital SQL Injection via doctorAction.php** A vulnerability, which was classified as critical, has been found in Codezips Hospital Appointment System 1.0. This issue affects some unknown processing of the file /doctorAction.php. The manipulation of the argument Name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting file and parameter names to be affected. | |
| CVE-2024-10766 | Nov 04, 2024 | **Codezips 1.0: Unrestricted File Upload in save_user.php** A vulnerability, which was classified as critical, has been found in Codezips Free Exam Hall Seating Management System 1.0. This issue affects some unknown processing of the file /pages/save_user.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher disclosure contains confusing vulnerability classes and file names. | |
| CVE-2024-10764 | Nov 04, 2024 | **Codezips OIMS 1.0: Unrestricted File Upload** A vulnerability classified as critical has been found in Codezips Online Institute Management System 1.0. This affects an unknown part of the file /pages/save_user.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2024-10765 | Nov 04, 2024 | **Codezips OIMS 1.0 Unrestricted File Upload** A vulnerability classified as critical was found in Codezips Online Institute Management System up to 1.0. This vulnerability affects unknown code of the file /profile.php. The manipulation of the argument old_image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2024-10751 | Nov 04, 2024 | **Codezips ISP Management System 1.0 pay.php SQL Injection Vulnerability** A vulnerability was found in Codezips ISP Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file pay.php. The manipulation of the argument customer leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2024-10752 | Nov 04, 2024 | **Codezips Pet Shop Management System 1.0 SQL Injection Vulnerability in productsadd.php** A vulnerability was found in Codezips Pet Shop Management System 1.0. It has been classified as critical. This affects an unknown part of the file /productsadd.php. The manipulation of the argument id/name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting file names to be affected. | |
| CVE-2024-10737 | Nov 03, 2024 | **SQL Injection Vulnerability in Codezips Free Exam Hall Seating Management System v1.0 via teacher.ph** A vulnerability classified as critical has been found in Codezips Free Exam Hall Seating Management System 1.0. Affected is an unknown function of the file /teacher.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2024-10736 | Nov 03, 2024 | **SQL Injection Vulnerability in Codezips Free Exam Hall Seating Management System v1.0 student.php** A vulnerability was found in Codezips Free Exam Hall Seating Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |