Sourcecodester Sourcecodester

  1. Vendors
  2. Sourcecodester

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Sourcecodester product.

RSS Feeds for Sourcecodester security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Sourcecodester products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Sourcecodester Sorted by Most Security Vulnerabilities since 2018

Sourcecodester Laboratory Management System8 vulnerabilities

Sourcecodester Company Website Cms7 vulnerabilities

Sourcecodester Best House Rental Management System6 vulnerabilities

Sourcecodester Point Of Sales3 vulnerabilities

Sourcecodester Cab Management System2 vulnerabilities

Sourcecodester E Commerce Website2 vulnerabilities

Sourcecodester Simple Customer Relationship Management System2 vulnerabilities

Sourcecodester Restaurant Management System2 vulnerabilities

Sourcecodester Vehicle Management System1 vulnerability

Sourcecodester Alumni Management System1 vulnerability

Sourcecodester Travel Management System1 vulnerability

Sourcecodester Toll Tax Management System1 vulnerability

Sourcecodester Survey Application System1 vulnerability

Sourcecodester Student Grades Management System1 vulnerability

Sourcecodester Responsive Ordering System1 vulnerability

Sourcecodester News247 Cms1 vulnerability

Sourcecodester Downloading Client Database Management System1 vulnerability

Sourcecodester Computer Mobile Repair Shop Management System1 vulnerability

Sourcecodester Complaint Management System1 vulnerability

Sourcecodester Best Salon Management System1 vulnerability

By the Year

In 2026 there have been 78 vulnerabilities in Sourcecodester with an average score of 5.9 out of ten. Last year, in 2025 Sourcecodester had 132 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Sourcecodester in 2026 could surpass last years number. Last year, the average CVE base score was greater by 0.45




Year Vulnerabilities Average Score
2026 78 5.88
2025 132 6.33
2024 12 5.77
2023 1 7.20
2022 2 9.80
2021 6 8.45
2020 0 0.00
2019 2 0.00

It may take a day or so for new Sourcecodester vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Sourcecodester Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-4973 Mar 27, 2026
SourceCodester Online Quiz Sys 1.0 XSS via add-question.php A vulnerability was detected in SourceCodester Online Quiz System up to 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-question.php. Performing a manipulation of the argument quiz_question results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now public and may be used.
CVE-2026-4971 Mar 27, 2026
SourceCodester Note Taking App <=1.0 CSRF via Unprotected Function A weakness has been identified in SourceCodester Note Taking App up to 1.0. This impacts an unknown function. This manipulation causes cross-site request forgery. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-4968 Mar 27, 2026
CVE-2026-4968: SourceCodester Diary App 1.0 XSRF via diary.php A vulnerability was determined in SourceCodester Diary App 1.0. The affected element is an unknown function of the file diary.php. Executing a manipulation can lead to cross-site request forgery. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2026-4839 Mar 26, 2026
SQLi in SourceCodester Food Ordering System 1.0 Parameter Handler /purchase.php custom arg A vulnerability has been found in SourceCodester Food Ordering System 1.0. This affects an unknown function of the file /purchase.php of the component Parameter Handler. The manipulation of the argument custom leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-4838 Mar 26, 2026
SourceCodester Malawi Online Market 1.0: Display.php SQLi via ID Remotely A flaw has been found in SourceCodester Malawi Online Market 1.0. The impacted element is an unknown function of the file /display.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used.
CVE-2026-4826 Mar 25, 2026
SQLi in SourceCodester Sales & Inventory v1.0, /update_stock.php (GET sid) A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /update_stock.php of the component HTTP GET Parameter Handler. This manipulation of the argument sid causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
CVE-2026-4825 Mar 25, 2026
SourceCodester Sales and Inventory System 1.0: SQLi via /update_sales.php sid GET A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file /update_sales.php of the component HTTP GET Parameter Handler. The manipulation of the argument sid results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used.
CVE-2026-4781 Mar 24, 2026
SQLi via sid GET param in SourceCodester Sales 1.0 update_purchase.php A flaw has been found in SourceCodester Sales and Inventory System 1.0. The affected element is an unknown function of the file update_purchase.php of the component HTTP GET Parameter Handler. Executing a manipulation of the argument sid can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used.
CVE-2026-4780 Mar 24, 2026
SQLi in SourceCodester S&I System 1.0 via sid (update_out_standing.php) A vulnerability was detected in SourceCodester Sales and Inventory System 1.0. Impacted is an unknown function of the file update_out_standing.php of the component HTTP GET Parameter Handler. Performing a manipulation of the argument sid results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.
CVE-2026-4779 Mar 24, 2026
SQLi via sid in update_customer_details.php of SC Sales & Inventory 1.0 A security vulnerability has been detected in SourceCodester Sales and Inventory System 1.0. This issue affects some unknown processing of the file update_customer_details.php of the component HTTP GET Parameter Handler. Such manipulation of the argument sid leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
CVE-2026-4778 Mar 24, 2026
SQLi in SourceCodester Sales & Inventory Sys 1.0 via update_category.php sid A weakness has been identified in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file update_category.php of the component HTTP GET Parameter Handler. This manipulation of the argument sid causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
CVE-2026-4777 Mar 24, 2026
SQLi in SourceCodester Sales & Inventory 1.0 (view_supplier.php) A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file view_supplier.php of the component POST Parameter Handler. The manipulation of the argument searchtxt results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
CVE-2026-4625 Mar 24, 2026
SQLi in SourceCodester OAS 1.0 /programmes.php via program arg (remote) A flaw has been found in SourceCodester Online Admission System 1.0. This affects an unknown function of the file /programmes.php. Executing a manipulation of the argument program can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used.
CVE-2026-4624 Mar 24, 2026
SQLi via searchField in SourceCodester Online Library Management 1.0 Param Handler A vulnerability was detected in SourceCodester Online Library Management System 1.0. The impacted element is an unknown function of the file /home.php of the component Parameter Handler. Performing a manipulation of the argument searchField results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used.
CVE-2026-4617 Mar 24, 2026
SourceCodester Patients Queue 1.0 Insecure ValidateToken Auth A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. The impacted element is the function ValidateToken of the file /php/api_patient_checkin.php of the component Patient Check-In Module. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-4615 Mar 23, 2026
SQLi via rcode in SourceCodester OCRes 1.0 /search.php A vulnerability was identified in SourceCodester Online Catering Reservation 1.0. Impacted is an unknown function of the file /search.php. Such manipulation of the argument rcode leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.
CVE-2026-4613 Mar 23, 2026
SQLi in SourceCodester E-Commerce Site 1.0 /products.php Remote Vulnerability A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.php. The manipulation of the argument Search results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.
CVE-2026-4574 Mar 23, 2026
SQLi in SourceCodester Simple E-lms 1.0 User Profile Update Handler A vulnerability was detected in SourceCodester Simple E-learning System 1.0. This vulnerability affects unknown code of the component User Profile Update Handler. The manipulation of the argument firstName results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used.
CVE-2026-4573 Mar 23, 2026
SQLi in SourceCodester Simple E-Learning System 1.0 via GET post_id A security vulnerability has been detected in SourceCodester Simple E-learning System 1.0. This affects an unknown part of the file /includes/form_handlers/delete_post.php of the component HTTP GET Parameter Handler. The manipulation of the argument post_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.
CVE-2026-4572 Mar 23, 2026
SourceCodester Sales & Inventory System 1.0 SQLi in view_product.php A weakness has been identified in SourceCodester Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /view_product.php of the component HTTP POST Request Handler. Executing a manipulation of the argument searchtxt can lead to sql injection. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.
CVE-2026-4571 Mar 23, 2026
SQLi via Manipulated POST in SourceCodester Sales & Inventory System 1.0 A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_payments.php of the component HTTP POST Request Handler. Performing a manipulation of the argument searchtxt results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.
CVE-2026-4570 Mar 23, 2026
SQL Injection via view_customers.php in SourceCodester Sales & Inventory 1.0 A vulnerability was identified in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /view_customers.php of the component HTTP POST Request Handler. Such manipulation of the argument searchtxt leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.
CVE-2026-4569 Mar 23, 2026
SourceCodester S3 1.0 SQLi via searchtxt in view_category.php A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This impacts an unknown function of the file /view_category.php of the component HTTP POST Request Handler. This manipulation of the argument searchtxt causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
CVE-2026-4568 Mar 23, 2026
SQLi in SourceCodester Sales & Inventory System 1.0 HTTP GET Handler A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown function of the file /update_supplier.php of the component HTTP GET Request Handler. The manipulation of the argument sid results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
CVE-2026-4013 Mar 12, 2026
Improper Auth via add_admin.php in Web-based Pharmacy Product Management System 1.0 A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown function of the file add_admin.php. Such manipulation leads to improper authorization. The attack may be launched remotely.
CVE-2026-3819 Mar 09, 2026
SourceCodester Resort Reservation System 1.0: XSS in Res. Mgt Module (ID param) A vulnerability has been found in SourceCodester Resort Reservation System 1.0. The affected element is an unknown function of the file /?page=manage_reservation of the component Reservation Management Module. Such manipulation of the argument ID leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-3817 Mar 09, 2026
Improper Auth in SourceCodester Patients QueueMgmt 1.0 /patient-search.php A vulnerability was detected in SourceCodester Patients Waiting Area Queue Management System 1.0. This issue affects some unknown processing of the file /patient-search.php. The manipulation results in improper authorization. The attack can be launched remotely. The exploit is now public and may be used.
CVE-2026-3806 Mar 09, 2026
janobe Resort Reservation System 1.0: SQLi via room_rates.php A weakness has been identified in SourceCodester/janobe Resort Reservation System 1.0. This issue affects some unknown processing of the file /room_rates.php. This manipulation of the argument q causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-3800 Mar 09, 2026
Unrestricted File Upload in Janobe Resort Reservation System 1.0 (Remote) A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. Affected is the function doInsert of the file /controller.php?action=add. Such manipulation of the argument image leads to unrestricted upload. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-3793 Mar 09, 2026
SQLi via GET sellid in SourceCodester Sales & Inv. Sys 1.0 A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file sales_invoice1.php of the component GET Parameter Handler. This manipulation of the argument sellid causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2026-3792 Mar 09, 2026
SourceCodester Sales & Inventory System 1.0 SQLi via purchase_invoice.php GET Param A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file purchase_invoice.php of the component GET Parameter Handler. The manipulation of the argument purchaseid results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used.
CVE-2026-3791 Mar 09, 2026
SQL Injection in SourceCodester Sales & Inventory 1.0 Search A vulnerability has been found in SourceCodester Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file dashboard.php of the component Search. The manipulation of the argument searchtxt leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-3790 Mar 09, 2026
SQLi in SourceCodester Sales Inventory System 1.0 via stock_name1 A flaw has been found in SourceCodester Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file check_supplier_details.php of the component POST Parameter Handler. Executing a manipulation of the argument stock_name1 can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used.
CVE-2026-3771 Mar 08, 2026
Janobe Resort Reservation System 1.0 SQLi in /accomodation.php via q param A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. This vulnerability affects unknown code of the file /accomodation.php. Such manipulation of the argument q leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
CVE-2026-3770 Mar 08, 2026
CSRF in SourceCodester Computer Lab Management Sys 1.0 A flaw has been found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. The attack is possible to be carried out remotely. The exploit has been published and may be used.
Laboratory Management System
CVE-2026-3766 Mar 08, 2026
SourceCodester Web-based Pharmacy Product Mgmt Sys 1.0 XSS via edit-profile.php A security flaw has been discovered in SourceCodester Web-based Pharmacy Product Management System 1.0. This impacts an unknown function of the file edit-profile.php. Performing a manipulation of the argument fullname results in cross site scripting. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
CVE-2026-3764 Mar 08, 2026
SourceCodester CMS 1.0 Improper Auth in superadmin_user_update.php Remote Exploit A vulnerability was determined in SourceCodester Client Database Management System 1.0. The impacted element is an unknown function of the file /superadmin_user_update.php. This manipulation causes improper authorization. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2026-3762 Mar 08, 2026
Improper Auth in SourceCodester Client DB 1.0/3.1 via /superadmin_delete_manager.php A vulnerability has been found in SourceCodester Client Database Management System 1.0/3.1. Impacted is an unknown function of the file /superadmin_delete_manager.php of the component Endpoint. The manipulation of the argument manager_id leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-3761 Mar 08, 2026
Client Database Management System 1.0 Improper Auth in superadmin_user_delete A flaw has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /superadmin_user_delete.php of the component Endpoint. Executing a manipulation of the argument user_id can lead to improper authorization. The attack may be performed from remote. The exploit has been published and may be used.
CVE-2026-3756 Mar 08, 2026
SQLi in SourceCodester Sales & Inventory Sys <=1.0 (/check_item_details.php) A vulnerability was identified in SourceCodester Sales and Inventory System up to 1.0. Affected is an unknown function of the file /check_item_details.php. The manipulation of the argument stock_name1 leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.
CVE-2026-3755 Mar 08, 2026
SQL Injection via /check_customer_details.php in SourceCodester Sales & Inventory 1.0 A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This impacts an unknown function of the file /check_customer_details.php of the component POST Handler. Executing a manipulation of the argument stock_name1 can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2026-3754 Mar 08, 2026
Remote SQLi in SourceCodester Sales 1.0 via /add_stock.php cost param A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown function of the file /add_stock.php. Performing a manipulation of the argument cost results in sql injection. The attack can be initiated remotely. The exploit has been made public and could be used.
CVE-2026-3753 Mar 08, 2026
SQLi via sid param in add_sales_print.php of SC SIS <=1.0 A vulnerability has been found in SourceCodester Sales and Inventory System up to 1.0. The impacted element is an unknown function of the file /add_sales_print.php. Such manipulation of the argument sid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-3752 Mar 08, 2026
SourceCodester Employee Task Mgmt Sys <1.0: SQLi in /daily-task-report.php A flaw has been found in SourceCodester Employee Task Management System up to 1.0. The affected element is an unknown function of the file /daily-task-report.php of the component GET Parameter Handler. This manipulation of the argument Date causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.
CVE-2026-3751 Mar 08, 2026
SQLi in SourceCodester EIMS 1.0 via /daily-attendance-report.php A vulnerability was detected in SourceCodester Employee Task Management System 1.0. Impacted is an unknown function of the file /daily-attendance-report.php of the component GET Parameter Handler. The manipulation of the argument Date results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.
CVE-2026-3746 Mar 08, 2026
SQL Injection in SourceCodester Simple Responsive Tourism Website 1.0 Login Comp A vulnerability was determined in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Login.php?f=login of the component Login. This manipulation of the argument Username causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2026-3738 Mar 08, 2026
Remote Auth Bypass SourceCodester Pet Grooming Mgmt. 1.0 Financial Report A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the component Financial Report Page. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
CVE-2026-3737 Mar 08, 2026
SourceCodester Pet Grooming Mgmt Sw 1.0 Improper Auth in add_user.php A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. This affects an unknown part of the file add_user.php of the component User Creation Handler. Executing a manipulation can lead to improper authorization. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2026-3734 Mar 08, 2026
SourceCodester DB 1.0 Improper Auth via manager_id in fetch_manager_details.php A flaw has been found in SourceCodester Client Database Management System 1.0. Affected is an unknown function of the file /fetch_manager_details.php of the component Endpoint. This manipulation of the argument manager_id causes improper authorization. The attack can be initiated remotely. The exploit has been published and may be used.
CVE-2026-3724 Mar 08, 2026
Improper Auth in 1.0 Queue Mgt via patient_id in /checkin.php A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. This impacts an unknown function of the file /checkin.php. This manipulation of the argument patient_id causes improper authorization. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.