Janobe
Products by Janobe Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2026 there have been 3 vulnerabilities in Janobe with an average score of 6.3 out of ten. Last year, in 2025, Janobe had 7 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Janobe in 2026 could surpass last year's number. Last year, the average CVE base score was greater by 1.38.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 3 | 6.30 |
| 2025 | 7 | 7.68 |
| 2024 | 75 | 7.86 |
| 2023 | 4 | 7.95 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 6.10 |
It may take a day or so for new Janobe vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Janobe Security Vulnerabilities
| CVE | Date | Vulnerability | Products |
|---|---|---|---|
| CVE-2026-3806 | Mar 09, 2026 | **janobe Resort Reservation System 1.0: SQLi via room_rates.php** A weakness has been identified in SourceCodester/janobe Resort Reservation System 1.0. This issue affects some unknown processing of the file /room_rates.php. This manipulation of the argument q causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. | |
| CVE-2026-3800 | Mar 09, 2026 | **Unrestricted File Upload in Janobe Resort Reservation System 1.0 (Remote)** A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. Affected is the function doInsert of the file /controller.php?action=add. Such manipulation of the argument image leads to unrestricted upload. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2026-3771 | Mar 08, 2026 | **Janobe Resort Reservation System 1.0 SQLi in /accomodation.php via q param** A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. This vulnerability affects unknown code of the file /accomodation.php. Such manipulation of the argument q leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-2687 | Mar 24, 2025 | **PHPGurukul eLearn 1.0: Image Handler unrestricted file upload (CVE-2025-2687)** A vulnerability classified as critical has been found in PHPGurukul eLearning System 1.0. Affected is an unknown function of the file /user/index.php of the component Image Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-2377 | Mar 17, 2025 | **XSS in SourceCodester Vehicle Management System 1.0 confirmbooking.php** A vulnerability was found in SourceCodester Vehicle Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /confirmbooking.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting product names. | |
| CVE-2025-1590 | Feb 23, 2025 | **SourceCodester E-Learning 1.0 Unrestricted Upload via index.php - CVE-2025-1590** A vulnerability was found in SourceCodester E-Learning System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/modules/lesson/index.php of the component List of Lessons Page. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. | |
| CVE-2025-1589 | Feb 23, 2025 | **XSS in SourceCodester E-Learning 1.0 register.php (User Reg Handler)** A vulnerability was found in SourceCodester E-Learning System 1.0 and classified as problematic. This issue affects some unknown processing of the file /register.php of the component User Registration Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. | |
| CVE-2025-1191 | Feb 12, 2025 | **SQL Injection in SourceCodester MRTRS 1.0 /dashboard/approve-reject.php breject_id** A vulnerability was found in SourceCodester Multi Restaurant Table Reservation System 1.0 and classified as critical. This issue affects some unknown processing of the file /dashboard/approve-reject.php. The manipulation of the argument breject_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2025-1192 | Feb 12, 2025 | **CVE-2025-1192 SQLi via table param in SourceCodester Multi Restaurant menu.php** A vulnerability was found in SourceCodester Multi Restaurant Table Reservation System 1.0. It has been classified as critical. Affected is an unknown function of the file select-menu.php. The manipulation of the argument table leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2024-48245 | Jan 07, 2025 | **Vehicle Management System 1.0 SQLi via /newvehicle.php & /newdriver.php** Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions, such as booking a vehicle or confirming a booking. The affected parameters include "Booking ID", "Action Name", and "Payment Confirmation ID", which are present in /newvehicle.php and /newdriver.php. | |
| CVE-2024-10413 | Oct 27, 2024 | **Crit unrestricted upload via /guest/update.php in SourceCodester Hotel 1.0** A vulnerability, which was classified as critical, has been found in SourceCodester Online Hotel Reservation System 1.0. Affected by this issue is the function upload of the file /guest/update.php. The manipulation of the argument image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2024-10411 | Oct 27, 2024 | **SourceCodester Online Hotel Reservation 1.0 - SQLi in mod_room/controller.php** A vulnerability was found in SourceCodester Online Hotel Reservation System 1.0. It has been classified as critical. Affected is the function doCancelRoom/doCancel/doConfirm/doCancel/doCheckin/doCheckout of the file /marimar/admin/mod_room/controller.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2024-10410 | Oct 27, 2024 | **Unrestricted File Upload in SourceCodester Online Hotel Reservation 1.0** A vulnerability classified as critical was found in SourceCodester Online Hotel Reservation System 1.0. Affected by this vulnerability is the function upload of the file /admin/mod_room/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2024-44812 | Oct 22, 2024 | **CVE-2024-44812: SQL Injection in Online Complaint Site 1.0 /admin.index.php** SQL Injection vulnerability in Online Complaint Site v.1.0 allows a remote attacker to escalate privileges via the username and password parameters in the /admin.index.php component. | |
| CVE-2024-8089 | Aug 23, 2024 | **SourceCodester E-Commerce System 1.0 Unrestricted Upload via photo Arg** A vulnerability was found in SourceCodester E-Commerce System 1.0. It has been classified as critical. Affected is an unknown function of the file /ecommerce/admin/products/controller.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2024-8087 | Aug 22, 2024 | **SourceCodester E-Commerce 1.0 SQLi via id param in popup_Item.php** A vulnerability was found in SourceCodester E-Commerce System 1.0 and classified as critical. This issue affects some unknown processing of the file /ecommerce/popup_Item.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2024-8086 | Aug 22, 2024 | **SQLi in SourceCodester E-Commerce System 1.0 Admin Login (user_email)** A vulnerability has been found in SourceCodester E-Commerce System 1.0 and classified as critical. This vulnerability affects unknown code of the file /ecommerce/admin/login.php of the component Admin Login. The manipulation of the argument user_email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2024-7947 | Aug 20, 2024 | **SQLi via email in SourceCodester PSIMS 1.0 (login.php)** A vulnerability classified as critical has been found in SourceCodester Point of Sales and Inventory Management System 1.0. This affects an unknown part of the file login.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |
| CVE-2024-33988 | Aug 06, 2024 | **CVE-2024-33988 XSS via 'Attendance' param in School Monitoring v1.0** Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance', 'attenddate' and 'YearLevel' parameters in '/report/attendance_print.php'. | |
| CVE-2024-33989 | Aug 06, 2024 | **SchoolEventMS v1.0 XSS via eventdate/events on port/event_print.php** Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted javascript payload to an authenticated user and partially take over their browser session via the 'eventdate' and 'events' parameters in 'port/event_print.php'. | |
| CVE-2024-33987 | Aug 06, 2024 | **School Attendance Monitoring System XSS via URL params (1.0)** Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance', 'attenddate', 'YearLevel', 'eventdate', 'events', 'Users' and 'YearLevel' parameters in '/report/index.php'. | |
| CVE-2024-33986 | Aug 06, 2024 | **School Attendance Monitoring 1.0 XSS via View param in /department/index.php** Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'View' parameter in '/department/index.php'. | |
| CVE-2024-33985 | Aug 06, 2024 | **XSS in School Attendance Sys v1.0 via /course/index.php View param** Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'View' parameter in '/course/index.php'. | |
| CVE-2024-33984 | Aug 06, 2024 | **XSS in School Attendance Monitoring 1.0 via AttendanceParams /report/index.php** Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance', 'attenddate' and 'YearLevel' parameters in '/AttendanceMonitoring/report/index.php'. | |
| CVE-2024-33983 | Aug 06, 2024 | **CrossSite Scripting in School Attendance Monitor 1.0 via attendance_print.php** Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'Attendance', 'attenddate' and 'YearLevel' parameters in '/AttendanceMonitoring/report/attendance_print.php'. | |
| CVE-2024-33982 | Aug 06, 2024 | **School Attendance Monitoring System v1.0 XSS via StudentID parameter** Cross-Site Scripting (XSS) vulnerability in School Attendance Monitoring System and School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'StudentID' parameter in '/AttendanceMonitoring/student/controller.php'. | |
| CVE-2024-33994 | Aug 06, 2024 | **XSS in School Event Management System v1.0 via 'view' param** Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session details via the 'view' parameter in '/event/index.php'. | |
| CVE-2024-33991 | Aug 06, 2024 | **School Event Mgmt Sys v1.0 XSS via 'view' param in eventwinner/index.php** Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the 'view' parameter in '/eventwinner/index.php'. | |
| CVE-2024-33992 | Aug 06, 2024 | **XSS in School Event Mgmt Sys v1.0 via 'view' param** Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the 'view' parameter in '/student/index.php'. | |
| CVE-2024-33993 | Aug 06, 2024 | **SEMS 1.0 XSS via 'view' param /candidate/index.php** Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain their session details via the 'view' parameter in '/candidate/index.php'. | |
| CVE-2024-33990 | Aug 06, 2024 | **XSS in School Event Management System v1.0 via /user/index.php 'id'/'view' params** Cross-Site Scripting (XSS) vulnerability in School Event Management System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted javascript payload to an authenticated user and partially take over their browser session via the 'id' and 'view' parameters in '/user/index.php'. | |
| CVE-2024-33961 | Aug 06, 2024 | **SQLi in PayPal Payment Module v1.0 /admin/mod_reservation/controller.php** SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'code' in '/admin/mod_reservation/controller.php' parameter. | And others... |
| CVE-2024-33970 | Aug 06, 2024 | **SQLi in PayPal CC/DD Payment v1.0 via /candidate/controller.php 'studid'** SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'studid' in '/candidate/controller.php' parameter. | And others... |
| CVE-2024-33969 | Aug 06, 2024 | **SQLi in AttendanceMonitoring 1.0 (PayPal/CC/DC payment /id param)** SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in '/AttendanceMonitoring/department/index.php' parameter. | And others... |
| CVE-2024-33968 | Aug 06, 2024 | **SQL Injection in PayPal Payment Module v1.0 (AttendanceMonitoring/index.php)** SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'Attendance' and 'YearLevel' in '/AttendanceMonitoring/report/index.php' parameter. | And others... |
| CVE-2024-33967 | Aug 06, 2024 | **SQLi in PayPal Payment v1.0 via Attendance Report** SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'view' in 'Attendance' and 'YearLevel' in '/AttendanceMonitoring/report/attendance_print.php' parameter. | And others... |
| CVE-2024-33966 | Aug 06, 2024 | **SQLi in PayPal Payment Module v1.0 via xtsearch (/admin/mod_reports/index.php)** SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'xtsearch' in '/admin/mod_reports/index.php' parameter. | And others... |
| CVE-2024-33965 | Aug 06, 2024 | **SQLi in tubigangarden 1.0 mod_accomodation Admin** SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'view' in '/tubigangarden/admin/mod_accomodation/index.php' parameter. | And others... |
| CVE-2024-33964 | Aug 06, 2024 | **SQLi in PayPal Payment Module v1.0 via /admin/mod_users/index.php** SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in '/admin/mod_users/index.php' parameter. | And others... |
| CVE-2024-33963 | Aug 06, 2024 | **SQL injection in PayPal CC Pay Plugin 1.0 via /admin/mod_room/index.php** SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'id' in '/admin/mod_room/index.php' parameter. | And others... |
| CVE-2024-33962 | Aug 06, 2024 | **SQL Injection in PayPal Payment Module 1.0 via /admin/mod_reservation/index.php** SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'code' in '/admin/mod_reservation/index.php' parameter. | And others... |
| CVE-2024-33960 | Aug 06, 2024 | **SQLi in PayPal Payment Plugin 1.0 via /admin/mod_reports/printreport.php** SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'end' in '/admin/mod_reports/printreport.php' parameter. | And others... |
| CVE-2024-33972 | Aug 06, 2024 | **SQL Injection in PayPal/Credit Card Payment v1.0 via event_print.php** SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'events' in '/report/event_print.php' parameter. | And others... |
| CVE-2024-33973 | Aug 06, 2024 | **SQLi in PayPal Payment Module v1.0 via attendance_print.php** SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'Attendance' and 'YearLevel' in '/report/attendance_print.php' parameter. | And others... |
| CVE-2024-33974 | Aug 06, 2024 | **PayPal Payment Module v1.0: SQLi via /report/printlogs.php** SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'Users' in '/report/printlogs.php' parameter. | |
| CVE-2024-33971 | Aug 06, 2024 | **SQLi in PayPal Payment Gateway 1.0 via /login.php before 1.0** SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'username' in '/login.php' parameter. | And others... |
| CVE-2024-33957 | Aug 06, 2024 | **E-Negosyo Sys 1.0 SQLi: /admin/orders/controller.php** SQL injection vulnerability in E-Negosyo System affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in 'id' in '/admin/orders/controller.php' parameter. | |
| CVE-2024-33980 | Aug 06, 2024 | **XSS in PayPal Payment Module v1.0 via 'start' param** Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'start' parameter in '/admin/mod_reports/printreport.php'. | And others... |
| CVE-2024-33981 | Aug 06, 2024 | **XSS in PayPal Credit Card Payment v1.0: 'start' param in /admin/mod_reports/index.php** Cross-Site Scripting (XSS) vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could create a specially crafted URL and send it to a victim to obtain details of their session cookie via the 'start' parameter in '/admin/mod_reports/index.php'. | And others... |
| CVE-2024-33959 | Aug 06, 2024 | **CVE-2024-33959: SQLi in PayPal Payment v1.0 via printreport.php** SQL injection vulnerability in PayPal, Credit Card and Debit Card Payment affecting version 1.0. An attacker could exploit this vulnerability by sending a specially crafted query to the server and retrieve all the information stored in it through the following 'categ' in '/admin/mod_reports/printreport.php' parameter. | And others... |