Sourcecodester Sourcecodester

  1. Vendors
  2. Sourcecodester

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Sourcecodester product.

RSS Feeds for Sourcecodester security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Sourcecodester products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Sourcecodester Sorted by Most Security Vulnerabilities since 2018

Sourcecodester Laboratory Management System8 vulnerabilities

Sourcecodester Company Website Cms7 vulnerabilities

Sourcecodester Best House Rental Management System6 vulnerabilities

Sourcecodester Point Of Sales3 vulnerabilities

Sourcecodester Simple Customer Relationship Management System3 vulnerabilities

Sourcecodester Cab Management System2 vulnerabilities

Sourcecodester E Commerce Website2 vulnerabilities

Sourcecodester Restaurant Management System2 vulnerabilities

Sourcecodester Vehicle Management System1 vulnerability

Sourcecodester Alumni Management System1 vulnerability

Sourcecodester Travel Management System1 vulnerability

Sourcecodester Toll Tax Management System1 vulnerability

Sourcecodester Survey Application System1 vulnerability

Sourcecodester Student Grades Management System1 vulnerability

Sourcecodester Responsive Ordering System1 vulnerability

Sourcecodester News247 Cms1 vulnerability

Sourcecodester Downloading Client Database Management System1 vulnerability

Sourcecodester Computer Mobile Repair Shop Management System1 vulnerability

Sourcecodester Complaint Management System1 vulnerability

Sourcecodester Best Salon Management System1 vulnerability

By the Year

In 2026 there have been 97 vulnerabilities in Sourcecodester with an average score of 5.9 out of ten. Last year, in 2025 Sourcecodester had 132 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Sourcecodester in 2026 could surpass last years number. Last year, the average CVE base score was greater by 0.44




Year Vulnerabilities Average Score
2026 97 5.89
2025 132 6.33
2024 12 5.77
2023 1 7.20
2022 2 9.80
2021 6 8.45
2020 0 0.00
2019 2 0.00

It may take a day or so for new Sourcecodester vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Sourcecodester Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-6189 Apr 13, 2026
SourceCodester Pharmacy 1.0 SQLi via /ajax.php/login A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=login. Such manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-6188 Apr 13, 2026
SQL Injection in SourceCodester Pharmacy Sales & Inventory System 1.0 delete_sales A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Impacted is an unknown function of the file /ajax.php?action=delete_sales. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.
CVE-2026-6187 Apr 13, 2026
SQLi in SourceCodester Pharmacy Sales & Inv System 1.0 via /ajax.php A vulnerability was detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=chk_prod_availability. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.
CVE-2026-5812 Apr 08, 2026
Business Logic Flaw in SourceCodester Pharmacy PMS 1.0 (add-sales.php) A security flaw has been discovered in SourceCodester Pharmacy Product Management System 1.0. This affects an unknown part of the file add-sales.php of the component POST Parameter Handler. Performing a manipulation of the argument txtqty results in business logic errors. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
CVE-2026-5811 Apr 08, 2026
Business Logic Error: Price Manipulation in SourceCodester OOS 1.0 A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this issue is the function save_product of the file /Actions.php of the component POST Parameter Handler. Such manipulation of the argument price leads to business logic errors. The attack may be performed from remote. The exploit is publicly available and might be used.
CVE-2026-5810 Apr 08, 2026
CVE-2026-5810 XSS in SourceCodester Sales & Inventory System 1.0 GET Param Handler A flaw has been found in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /delete.php of the component GET Parameter Handler. This manipulation of the argument ID causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been published and may be used.
CVE-2026-5576 Apr 05, 2026
Unrestricted File Upload in SourceCodester Record Mgmt. Sys 1.0 (Add Emp Page) A flaw has been found in SourceCodester/jkev Record Management System 1.0. Affected by this issue is some unknown functionality of the file save_emp.php of the component Add Employee Page. This manipulation causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used.
CVE-2026-5575 Apr 05, 2026
SourceCodester/jkev RManagement System 1.0 SQLi in index.php Login A vulnerability was detected in SourceCodester/jkev Record Management System 1.0. Affected by this vulnerability is an unknown functionality of the file index.php of the component Login. The manipulation of the argument Username results in sql injection. The attack may be launched remotely. The exploit is now public and may be used.
CVE-2026-5531 Apr 05, 2026
Cleartext Storage in SourceCodester Student Result Mgmt Sys 1.0 HTTP GET Handler A vulnerability has been found in SourceCodester Student Result Management System 1.0. Impacted is an unknown function of the file /login_credentials.txt of the component HTTP GET Request Handler. The manipulation leads to cleartext storage in a file or on disk. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-5330 Apr 02, 2026
Impr Acc Ctrl in User Delete Handler of Mayuri K BCS 1.0 A vulnerability was found in SourceCodester/mayuri_k Best Courier Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=delete_user of the component User Delete Handler. Performing a manipulation of the argument ID results in improper access controls. The attack may be initiated remotely. The exploit has been made public and could be used.
CVE-2026-5326 Apr 02, 2026
SourceCodester Leave Appl Sys 1.0: ID-Based Auth Bypass in User Info Handler (PHP) A vulnerability was identified in SourceCodester Leave Application System 1.0. Impacted is an unknown function of the file /index.php?page=manage_user of the component User Information Handler. Such manipulation of the argument ID leads to authorization bypass. The attack can be executed remotely. The exploit is publicly available and might be used.
CVE-2026-5325 Apr 02, 2026
SourceCodester Simple CRM 1.0: XSS in Create Ticket /create-ticket.php A vulnerability was determined in SourceCodester Simple Customer Relationship Management System 1.0. This issue affects some unknown processing of the file /create-ticket.php of the component Create Ticket. This manipulation of the argument Description causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
Simple Customer Relationship Management System
CVE-2026-5210 Mar 31, 2026
CVE-2026-5210: SourceCodester L.A.S 1.0 RFi via argument page, file inclusion A vulnerability was detected in SourceCodester Leave Application System 1.0. This affects an unknown part. Performing a manipulation of the argument page results in file inclusion. Remote exploitation of the attack is possible. The exploit is now public and may be used.
CVE-2026-5209 Mar 31, 2026
SRC Leave App 1.0 XSS via User Mgmt Handler A security vulnerability has been detected in SourceCodester Leave Application System 1.0. Affected by this issue is some unknown functionality of the component User Management Handler. Such manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
CVE-2026-5182 Mar 31, 2026
SQL Injection in SourceCodester Teacher Record System 1.0 Parameter Handler A vulnerability was found in SourceCodester Teacher Record System 1.0. Impacted is an unknown function of the file Teacher Record System of the component Parameter Handler. Performing a manipulation of the argument searchteacher results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used.
CVE-2026-5181 Mar 31, 2026
Simple Doctors Appointment System <=1.0 Unrestricted File Upload via ajax.php A vulnerability has been found in SourceCodester Simple Doctors Appointment System up to 1.0. This issue affects some unknown processing of the file /doctors_appointment/admin/ajax.php?action=save_category. Such manipulation of the argument img leads to unrestricted upload. The attack may be performed from remote. The exploit has been disclosed to the public and may be used.
CVE-2026-5180 Mar 31, 2026
Remote SQLi via email in SourceCodester Simple Doctor App 1.0 - /admin/ajax.php A flaw has been found in SourceCodester Simple Doctors Appointment System 1.0. This vulnerability affects unknown code of the file /admin/ajax.php?action=login2. This manipulation of the argument email causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.
CVE-2026-5179 Mar 31, 2026
SQL Injection in SourceCodester Simple Doctors Appointment System 1.0 /admin/login.php A vulnerability was detected in SourceCodester Simple Doctors Appointment System 1.0. This affects an unknown part of the file /admin/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.
CVE-2026-5126 Mar 30, 2026
SourceCodester RSS Parser 1.0 SSRF via file_get_contents A flaw has been found in SourceCodester RSS Feed Parser 1.0. Affected by this issue is the function file_get_contents. This manipulation causes server-side request forgery. The attack is possible to be carried out remotely. The exploit has been published and may be used.
CVE-2026-4973 Mar 27, 2026
SourceCodester Online Quiz Sys 1.0 XSS via add-question.php A vulnerability was detected in SourceCodester Online Quiz System up to 1.0. Affected by this vulnerability is an unknown functionality of the file endpoint/add-question.php. Performing a manipulation of the argument quiz_question results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now public and may be used.
CVE-2026-4971 Mar 27, 2026
SourceCodester Note Taking App <=1.0 CSRF via Unprotected Function A weakness has been identified in SourceCodester Note Taking App up to 1.0. This impacts an unknown function. This manipulation causes cross-site request forgery. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-4968 Mar 27, 2026
CVE-2026-4968: SourceCodester Diary App 1.0 XSRF via diary.php A vulnerability was determined in SourceCodester Diary App 1.0. The affected element is an unknown function of the file diary.php. Executing a manipulation can lead to cross-site request forgery. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2026-4839 Mar 26, 2026
SQLi in SourceCodester Food Ordering System 1.0 Parameter Handler /purchase.php custom arg A vulnerability has been found in SourceCodester Food Ordering System 1.0. This affects an unknown function of the file /purchase.php of the component Parameter Handler. The manipulation of the argument custom leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-4838 Mar 26, 2026
SourceCodester Malawi Online Market 1.0: Display.php SQLi via ID Remotely A flaw has been found in SourceCodester Malawi Online Market 1.0. The impacted element is an unknown function of the file /display.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used.
CVE-2026-4826 Mar 25, 2026
SQLi in SourceCodester Sales & Inventory v1.0, /update_stock.php (GET sid) A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /update_stock.php of the component HTTP GET Parameter Handler. This manipulation of the argument sid causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
CVE-2026-4825 Mar 25, 2026
SourceCodester Sales and Inventory System 1.0: SQLi via /update_sales.php sid GET A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file /update_sales.php of the component HTTP GET Parameter Handler. The manipulation of the argument sid results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used.
CVE-2026-4781 Mar 24, 2026
SQLi via sid GET param in SourceCodester Sales 1.0 update_purchase.php A flaw has been found in SourceCodester Sales and Inventory System 1.0. The affected element is an unknown function of the file update_purchase.php of the component HTTP GET Parameter Handler. Executing a manipulation of the argument sid can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used.
CVE-2026-4780 Mar 24, 2026
SQLi in SourceCodester S&I System 1.0 via sid (update_out_standing.php) A vulnerability was detected in SourceCodester Sales and Inventory System 1.0. Impacted is an unknown function of the file update_out_standing.php of the component HTTP GET Parameter Handler. Performing a manipulation of the argument sid results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.
CVE-2026-4779 Mar 24, 2026
SQLi via sid in update_customer_details.php of SC Sales & Inventory 1.0 A security vulnerability has been detected in SourceCodester Sales and Inventory System 1.0. This issue affects some unknown processing of the file update_customer_details.php of the component HTTP GET Parameter Handler. Such manipulation of the argument sid leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
CVE-2026-4778 Mar 24, 2026
SQLi in SourceCodester Sales & Inventory Sys 1.0 via update_category.php sid A weakness has been identified in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file update_category.php of the component HTTP GET Parameter Handler. This manipulation of the argument sid causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
CVE-2026-4777 Mar 24, 2026
SQLi in SourceCodester Sales & Inventory 1.0 (view_supplier.php) A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file view_supplier.php of the component POST Parameter Handler. The manipulation of the argument searchtxt results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
CVE-2026-4625 Mar 24, 2026
SQLi in SourceCodester OAS 1.0 /programmes.php via program arg (remote) A flaw has been found in SourceCodester Online Admission System 1.0. This affects an unknown function of the file /programmes.php. Executing a manipulation of the argument program can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used.
CVE-2026-4624 Mar 24, 2026
SQLi via searchField in SourceCodester Online Library Management 1.0 Param Handler A vulnerability was detected in SourceCodester Online Library Management System 1.0. The impacted element is an unknown function of the file /home.php of the component Parameter Handler. Performing a manipulation of the argument searchField results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used.
CVE-2026-4617 Mar 24, 2026
SourceCodester Patients Queue 1.0 Insecure ValidateToken Auth A weakness has been identified in SourceCodester Patients Waiting Area Queue Management System 1.0. The impacted element is the function ValidateToken of the file /php/api_patient_checkin.php of the component Patient Check-In Module. Executing a manipulation can lead to improper authorization. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-4615 Mar 23, 2026
SQLi via rcode in SourceCodester OCRes 1.0 /search.php A vulnerability was identified in SourceCodester Online Catering Reservation 1.0. Impacted is an unknown function of the file /search.php. Such manipulation of the argument rcode leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.
CVE-2026-4613 Mar 23, 2026
SQLi in SourceCodester E-Commerce Site 1.0 /products.php Remote Vulnerability A vulnerability was found in SourceCodester E-Commerce Site 1.0. This vulnerability affects unknown code of the file /products.php. The manipulation of the argument Search results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used.
CVE-2026-4574 Mar 23, 2026
SQLi in SourceCodester Simple E-lms 1.0 User Profile Update Handler A vulnerability was detected in SourceCodester Simple E-learning System 1.0. This vulnerability affects unknown code of the component User Profile Update Handler. The manipulation of the argument firstName results in sql injection. It is possible to launch the attack remotely. The exploit is now public and may be used.
CVE-2026-4573 Mar 23, 2026
SQLi in SourceCodester Simple E-Learning System 1.0 via GET post_id A security vulnerability has been detected in SourceCodester Simple E-learning System 1.0. This affects an unknown part of the file /includes/form_handlers/delete_post.php of the component HTTP GET Parameter Handler. The manipulation of the argument post_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.
CVE-2026-4572 Mar 23, 2026
SourceCodester Sales & Inventory System 1.0 SQLi in view_product.php A weakness has been identified in SourceCodester Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /view_product.php of the component HTTP POST Request Handler. Executing a manipulation of the argument searchtxt can lead to sql injection. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.
CVE-2026-4571 Mar 23, 2026
SQLi via Manipulated POST in SourceCodester Sales & Inventory System 1.0 A security flaw has been discovered in SourceCodester Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_payments.php of the component HTTP POST Request Handler. Performing a manipulation of the argument searchtxt results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be used for attacks.
CVE-2026-4570 Mar 23, 2026
SQL Injection via view_customers.php in SourceCodester Sales & Inventory 1.0 A vulnerability was identified in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /view_customers.php of the component HTTP POST Request Handler. Such manipulation of the argument searchtxt leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.
CVE-2026-4569 Mar 23, 2026
SourceCodester S3 1.0 SQLi via searchtxt in view_category.php A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This impacts an unknown function of the file /view_category.php of the component HTTP POST Request Handler. This manipulation of the argument searchtxt causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
CVE-2026-4568 Mar 23, 2026
SQLi in SourceCodester Sales & Inventory System 1.0 HTTP GET Handler A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown function of the file /update_supplier.php of the component HTTP GET Request Handler. The manipulation of the argument sid results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used.
CVE-2026-4013 Mar 12, 2026
Improper Auth via add_admin.php in Web-based Pharmacy Product Management System 1.0 A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown function of the file add_admin.php. Such manipulation leads to improper authorization. The attack may be launched remotely.
CVE-2026-3819 Mar 09, 2026
SourceCodester Resort Reservation System 1.0: XSS in Res. Mgt Module (ID param) A vulnerability has been found in SourceCodester Resort Reservation System 1.0. The affected element is an unknown function of the file /?page=manage_reservation of the component Reservation Management Module. Such manipulation of the argument ID leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-3817 Mar 09, 2026
Improper Auth in SourceCodester Patients QueueMgmt 1.0 /patient-search.php A vulnerability was detected in SourceCodester Patients Waiting Area Queue Management System 1.0. This issue affects some unknown processing of the file /patient-search.php. The manipulation results in improper authorization. The attack can be launched remotely. The exploit is now public and may be used.
CVE-2026-3806 Mar 09, 2026
janobe Resort Reservation System 1.0: SQLi via room_rates.php A weakness has been identified in SourceCodester/janobe Resort Reservation System 1.0. This issue affects some unknown processing of the file /room_rates.php. This manipulation of the argument q causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-3800 Mar 09, 2026
Unrestricted File Upload in Janobe Resort Reservation System 1.0 (Remote) A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. Affected is the function doInsert of the file /controller.php?action=add. Such manipulation of the argument image leads to unrestricted upload. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
CVE-2026-3793 Mar 09, 2026
SQLi via GET sellid in SourceCodester Sales & Inv. Sys 1.0 A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file sales_invoice1.php of the component GET Parameter Handler. This manipulation of the argument sellid causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
CVE-2026-3792 Mar 09, 2026
SourceCodester Sales & Inventory System 1.0 SQLi via purchase_invoice.php GET Param A vulnerability was found in SourceCodester Sales and Inventory System 1.0. This affects an unknown part of the file purchase_invoice.php of the component GET Parameter Handler. The manipulation of the argument purchaseid results in sql injection. The attack may be performed from remote. The exploit has been made public and could be used.
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.