Fabian

Products by Fabian Sorted by Most Security Vulnerabilities since 2018

Fabian Voting System: 7 vulnerabilities

Fabian Online Bidding System: 6 vulnerabilities

Fabian Responsive Blog Site: 4 vulnerabilities

Fabian Food Distributor Site: 3 vulnerabilities

Fabian Public Chat Room: 3 vulnerabilities

Fabian Chat System: 1 vulnerability

By the Year

In 2026 there have been 0 vulnerabilities in Fabian. Last year, in 2025, Fabian had 83 security vulnerabilities published. Right now, Fabian is on track to have fewer security vulnerabilities in 2026 than it did last year.

Year Vulnerabilities Average Score
2026 0 0.00
2025 83 8.16
2024 5 8.80
2023 0 0.00
2022 2 9.80

It may take a day or so for new Fabian vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Fabian Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2025-8962 Aug 14, 2025
Stack-based Buffer Overflow in Hostel Management System 1.0 Login Form (uname) A vulnerability was found in code-projects Hostel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file hostel_manage.exe of the component Login Form. The manipulation of the argument uname leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
Hostel Management System
CVE-2025-8964 Aug 14, 2025
Hostel Management System 1.0 Login Auth Bypass in hostel_manage.exe A vulnerability was identified in code-projects Hostel Management System 1.0. This affects an unknown part of the file hostel_manage.exe of the component Login. The manipulation leads to improper authentication. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
Hostel Management System
CVE-2025-8930 Aug 14, 2025
SQL Injection in Medical Store Mgmt Sys 1.0 UpdateCompany.java (code-projects) A vulnerability was found in code-projects Medical Store Management System 1.0. This issue affects some unknown processing of the file UpdateCompany.java of the component Update Company Page. The manipulation of the argument companyNameTxt leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Medical Store Management System
CVE-2025-8931 Aug 14, 2025
Medical Store Management System 1.0 - Remote SQLi via ChangePassword.java A vulnerability was determined in code-projects Medical Store Management System 1.0. Affected is an unknown function of the file ChangePassword.java. The manipulation of the argument newPassTxt leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Medical Store Management System
CVE-2025-8928 Aug 13, 2025
Medical Store Management Sys 1.0 SQLi via UpdateMedicines.java A vulnerability was identified in code-projects Medical Store Management System 1.0. This affects an unknown part of the file UpdateMedicines.java of the component Update Medicines Page. The manipulation of the argument productNameTxt leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Medical Store Management System
CVE-2025-8929 Aug 13, 2025
SQLi via searchTxt in Medical Store Mgmt Sys 1.0 A vulnerability has been found in code-projects Medical Store Management System 1.0. This vulnerability affects unknown code of the file MainPanel.java. The manipulation of the argument searchTxt leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Medical Store Management System
CVE-2025-8470 Aug 02, 2025
SQLi RCE in SourceCodester Hotel Reservation System 1.0 /admin/deleteroom.php A vulnerability classified as critical was found in SourceCodester Online Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /admin/deleteroom.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Online Hotel Reservation System
CVE-2025-8469 Aug 02, 2025
SourceCodester Hotel Reservation System 1.0: SQLi in /admin/deletegallery.php A vulnerability classified as critical has been found in SourceCodester Online Hotel Reservation System 1.0. This affects an unknown part of the file /admin/deletegallery.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Online Hotel Reservation System
CVE-2025-52327 Aug 01, 2025
Restaurant Order System 1.0 SQLi via payment.php Local SQL Injection vulnerability in Restaurant Order System 1.0 allows a local attacker to obtain sensitive information via the payment.php file
Restaurant Order System
CVE-2025-8433 Aug 01, 2025
Path Traversal RCE via unlink in code-projects DMS 1.0 A vulnerability was found in code-projects Document Management System 1.0 and classified as critical. This issue affects the function unlink of the file /dell.php. The manipulation of the argument ID leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Document Management System
CVE-2025-8256 Jul 28, 2025
Unrestricted File Upload in code-projects Online Ordering 1.0 /admin/product.php A vulnerability classified as critical has been found in code-projects Online Ordering System 1.0. Affected is an unknown function of the file /admin/product.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Online Ordering System
CVE-2025-8248 Jul 28, 2025
SQLi in Online Ordering System 1.0 signup.php (CVE-2025-8248) A vulnerability classified as critical was found in code-projects Online Ordering System 1.0. This vulnerability affects unknown code of the file /signup.php. The manipulation of the argument firstname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Online Ordering System
CVE-2025-8236 Jul 27, 2025
Critical SQLi in code-projects Online Ordering System 1.0 /admin/edit_product.php A vulnerability was found in code-projects Online Ordering System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/edit_product.php. The manipulation of the argument Name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Online Ordering System
CVE-2025-8235 Jul 27, 2025
Remote SQLi in code-projects Online Ordering System 1.0 admin/product.php A vulnerability was found in code-projects Online Ordering System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/product.php. The manipulation of the argument Name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Online Ordering System
CVE-2025-8234 Jul 27, 2025
CVE-2025-8234: Code-Projects OOS 1.0 – SQLi via /admin/delete_member.php A vulnerability was found in code-projects Online Ordering System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/delete_member.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Online Ordering System
CVE-2025-8233 Jul 27, 2025
CVE-2025-8233 – code-projects Online Order Sys 1.0 PHP Sqli via admin/user.php Un A vulnerability has been found in code-projects Online Ordering System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/user.php. The manipulation of the argument un leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Online Ordering System
CVE-2025-8232 Jul 27, 2025
Remote SQLI in code-projects Online Ordering System 1.0 admin/delete_user.php A vulnerability, which was classified as critical, was found in code-projects Online Ordering System 1.0. Affected is an unknown function of the file /admin/delete_user.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Online Ordering System
CVE-2025-8174 Jul 26, 2025
Unrestricted File Upload (RCE) in code-projects Voting System 1.0 A vulnerability was found in code-projects Voting System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/candidates_add.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Voting System
CVE-2025-8171 Jul 25, 2025
code-projects DMS 1.0 Unrestricted Upload via /insert.php (CVE-2025-8171) A vulnerability, which was classified as critical, has been found in code-projects Document Management System 1.0. This issue affects some unknown processing of the file /insert.php. The manipulation of the argument uploaded_file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Document Management System
CVE-2025-8164 Jul 25, 2025
Public Chat Room 1.0 SQLi in send_message.php (remote) A vulnerability has been found in code-projects Public Chat Room 1.0 and classified as critical. This vulnerability affects unknown code of the file send_message.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Public Chat Room
CVE-2025-7950 Jul 22, 2025
Public Chat Room 1.0 SQLi via Username on login.php A vulnerability was found in code-projects Public Chat Room 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument Username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Public Chat Room
CVE-2025-7951 Jul 22, 2025
Public Chat Room 1.0 XSS in send_message.php A vulnerability classified as problematic has been found in code-projects Public Chat Room 1.0. This affects an unknown part of the file /send_message.php. The manipulation of the argument chat_msg/your_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Public Chat Room
CVE-2025-7581 Jul 14, 2025
SQLi via ID param in /admin/positions_edit.php of VotingSystem 1.0 A vulnerability, which was classified as critical, has been found in code-projects Voting System 1.0. Affected by this issue is some unknown functionality of the file /admin/positions_edit.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Voting System
CVE-2025-7580 Jul 14, 2025
Voting System 1.0 SQLi via /admin/positions_row.php (CVE-2025-7580) A vulnerability classified as critical was found in code-projects Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/positions_row.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Voting System
CVE-2025-7556 Jul 14, 2025
Critical SQLi via ID in Voting System v1.0 (Voters Edit) A vulnerability, which was classified as critical, was found in code-projects Voting System 1.0. Affected is an unknown function of the file /admin/voters_edit.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Voting System
CVE-2025-7558 Jul 14, 2025
Code-Projects Voting Sys 1.0 SQLi via /admin/positions_add.php – Crit A vulnerability was found in code-projects Voting System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/positions_add.php. The manipulation of the argument description leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Voting System
CVE-2025-7555 Jul 14, 2025
Voting System 1.0 SQL Injection via /admin/voters_add.php (firstname/lastname) A vulnerability, which was classified as critical, has been found in code-projects Voting System 1.0. This issue affects some unknown processing of the file /admin/voters_add.php. The manipulation of the argument firstname/lastname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Voting System
CVE-2025-7557 Jul 14, 2025
Critical SQLi in code-projects Voting System 1.0 via /admin/voters_row.php (ID) A vulnerability has been found in code-projects Voting System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/voters_row.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Voting System
CVE-2025-7511 Jul 13, 2025
Chat System 1.0 - SQLi via musername in update_account.php (critical) A vulnerability was found in code-projects Chat System 1.0 and classified as critical. This issue affects some unknown processing of the file /user/update_account.php. The manipulation of the argument musername leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Chat System
CVE-2025-7178 Jul 08, 2025
Food Distributor Site 1.0 Remote SQLi via /admin/login.php A vulnerability classified as critical has been found in code-projects Food Distributor Site 1.0. This affects an unknown part of the file /admin/login.php. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Food Distributor Site
CVE-2025-7166 Jul 08, 2025
SQLi in code-projects RS 1.0 via /single.php ID A vulnerability was found in code-projects Responsive Blog Site 1.0. It has been classified as critical. This affects an unknown part of the file /single.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Responsive Blog Site
CVE-2025-7167 Jul 08, 2025
SQLi CVE-2025-7167 in Responsive Blog Site 1.0 via /category.php ID A vulnerability was found in code-projects Responsive Blog Site 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /category.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Responsive Blog Site
CVE-2025-6843 Jun 29, 2025
Simple Photo Gallery 1.0: Unrestricted Remote Upload (CRITICAL) A vulnerability was found in code-projects Simple Photo Gallery 1.0. It has been classified as critical. Affected is an unknown function of the file /upload-photo.php. The manipulation of the argument file_img leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Simple Photo Gallery
CVE-2025-6842 Jun 29, 2025
Product Inventory System 1.0 – Critical SQLi via /admin/edit_user.php ID A vulnerability was found in code-projects Product Inventory System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/edit_user.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Product Inventory System
CVE-2025-6841 Jun 29, 2025
CVE-2025-6841: Code Projects PIS 1.0 SQLi via /admin/edit_product.php A vulnerability has been found in code-projects Product Inventory System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit_product.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Product Inventory System
CVE-2025-6840 Jun 29, 2025
Critical SQLi in Product Inventory System 1.0 Login (code-projects) A vulnerability, which was classified as critical, was found in code-projects Product Inventory System 1.0. This affects an unknown part of the file /index.php of the component Login. The manipulation of the argument Username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Product Inventory System
CVE-2025-6777 Jun 27, 2025
Food Distributor Site 1.0 – Remote SQLi via /admin/process_login.php A vulnerability, which was classified as critical, has been found in code-projects Food Distributor Site 1.0. This issue affects some unknown processing of the file /admin/process_login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Food Distributor Site
CVE-2025-6778 Jun 27, 2025
Food Distributor Site 1.0 XSS via /admin/save_settings.php A vulnerability, which was classified as problematic, was found in code-projects Food Distributor Site 1.0. Affected is an unknown function of the file /admin/save_settings.php. The manipulation of the argument site_phone/site_email/address leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Food Distributor Site
CVE-2025-6578 Jun 24, 2025
Critical SQLi in Simple Online Hotel Reservation System 1.0 via_id A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/delete_account.php. The manipulation of the argument admin_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Simple Online Hotel Reservation System
CVE-2025-6569 Jun 24, 2025
School Fees Payment System 1.0: XSS via /student.php (sname/emailid) A vulnerability classified as problematic was found in code-projects School Fees Payment System 1.0. Affected by this vulnerability is an unknown functionality of the file /student.php. The manipulation of the argument sname/contact/about/emailid/transcation_remark leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
School Fees Payment System
CVE-2025-6484 Jun 22, 2025
Online Shopping Store 1.0 SQLi via action.php (cat_id, brand_id, keyword) A vulnerability was found in code-projects Online Shopping Store 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /action.php. The manipulation of the argument cat_id/brand_id/keyword/proId/pid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Online Shopping Store
CVE-2025-6473 Jun 22, 2025
XSS via transaction_remark in School Fees Payment System 1.0 A vulnerability, which was classified as problematic, was found in code-projects School Fees Payment System 1.0. This affects an unknown part of the file /fees.php. The manipulation of the argument transcation_remark leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
School Fees Payment System
CVE-2025-6471 Jun 22, 2025
Online Bidding System 1.0 SQLi in /administrator via aduser (remote) A vulnerability classified as critical was found in code-projects Online Bidding System 1.0. Affected by this vulnerability is an unknown functionality of the file /administrator. The manipulation of the argument aduser leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Online Bidding System
CVE-2025-6472 Jun 22, 2025
Critical SQLi via ID in code-projects Online Bidding System 1.0 /showprod.php A vulnerability, which was classified as critical, has been found in code-projects Online Bidding System 1.0. Affected by this issue is some unknown functionality of the file /showprod.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Online Bidding System
CVE-2025-6470 Jun 22, 2025
Remote SQLi via /bidlog.php (ID) in code-projects ONS 1.0 A vulnerability classified as critical has been found in code-projects Online Bidding System 1.0. Affected is an unknown function of the file /bidlog.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Online Bidding System
CVE-2025-6469 Jun 22, 2025
SQLi in Online Bidding System 1.0 via /details.php ID A vulnerability was found in code-projects Online Bidding System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /details.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Online Bidding System
CVE-2025-6468 Jun 22, 2025
CVE-2025-6468: SQLi in code-projects Online Bidding System 1.0 /bidnow.php A vulnerability was found in code-projects Online Bidding System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /bidnow.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Online Bidding System
CVE-2025-6467 Jun 22, 2025
SQLi in code-projects Online Bidding System 1.0 /login.php (Remote) A vulnerability was found in code-projects Online Bidding System 1.0. It has been classified as critical. This affects an unknown part of the file /login.php. The manipulation of the argument User leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Online Bidding System
CVE-2025-6403 Jun 21, 2025
Critical SQLi in code-projects School Fees Payment System 1.0 A vulnerability was found in code-projects School Fees Payment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /student.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
School Fees Payment System
CVE-2025-6353 Jun 20, 2025
CVE-2025-6353: XSS via 'keyword' in Responsive Blog 1.0 /search.php A vulnerability classified as problematic was found in code-projects Responsive Blog 1.0. Affected by this vulnerability is an unknown functionality of the file /search.php. The manipulation of the argument keyword leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Responsive Blog Site
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).