cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-1166,https://securityvulnerability.io/vulnerability/CVE-2025-1166,Unrestricted File Upload Vulnerability in SourceCodester Food Menu Manager,"An unrestricted file upload vulnerability has been identified in SourceCodester Food Menu Manager version 1.0. This flaw resides in the endpoint 'update.php', which does not properly validate the files being uploaded. As a result, attackers can exploit this functionality remotely to upload arbitrary files onto the server, leading to potential malicious activities such as remote code execution and data leakage. The vulnerability has been publicly disclosed, raising significant security concerns for users of this software.",Sourcecodester,Food Menu Manager,5.3,MEDIUM,0.01,false,,false,false,true,2025-02-11T01:00:11.000Z,true,false,false,,2025-02-11T01:00:11.426Z,0
CVE-2025-1160,https://securityvulnerability.io/vulnerability/CVE-2025-1160,Default Credential Vulnerability in SourceCodester Employee Management System,"A vulnerability exists in the SourceCodester Employee Management System 1.0, specifically within the index.php file, where manipulation of the username and password arguments can lead to the exploitation of default credentials. This vulnerability allows an attacker to gain unauthorized access remotely, potentially compromising sensitive information and system integrity. As the exploit has already been publicly disclosed, immediate action to secure the affected systems is highly recommended.",Sourcecodester,Employee Management System,6.9,MEDIUM,0.01,false,,false,false,true,2025-02-10T22:31:04.000Z,true,false,false,,2025-02-10T22:31:04.690Z,0
CVE-2025-0802,https://securityvulnerability.io/vulnerability/CVE-2025-0802,Improper Access Control in SourceCodester Best Employee Management System,"A vulnerability has been identified in the SourceCodester Best Employee Management System version 1.0, specifically within the /admin/View_user.php file of the Administrative Endpoint. This issue arises from improper access controls that may allow unauthorized remote access to sensitive functionalities of the application. This vulnerability poses significant risk, as it can be exploited remotely, potentially compromising user data and system integrity. The exploit has already been disclosed and is available for public access, emphasizing the need for immediate action to mitigate potential threats.",Sourcecodester,Best Employee Management System,6.9,MEDIUM,0.0005200000014156103,false,,false,false,true,2025-01-29T02:00:14.000Z,true,false,false,,2025-01-29T02:00:14.351Z,0
CVE-2025-0294,https://securityvulnerability.io/vulnerability/CVE-2025-0294,SQL Injection Vulnerability in SourceCodester Home Clean Services Management System,"A security vulnerability has been identified in the SourceCodester Home Clean Services Management System, specifically within the '/public_html/admin/process.php' file. This vulnerability allows an attacker to manipulate the argument types and lengths related to the 'business' parameter, resulting in an SQL injection that can be executed remotely. Given that the exploit has already been made public, it poses a significant risk to users of version 1.0 of this system. Other parameters may also be susceptible, highlighting the need for immediate attention and remediation.",Sourcecodester,Home Clean Services Management System,5.1,MEDIUM,0.00044999999227002263,false,,false,false,true,2025-01-07T13:31:05.000Z,true,false,false,,2025-01-07T13:31:05.577Z,0
CVE-2025-0173,https://securityvulnerability.io/vulnerability/CVE-2025-0173,SQL Injection Vulnerability in SourceCodester Online Eyewear Shop 1.0,"A SQL injection vulnerability has been identified in the SourceCodester Online Eyewear Shop version 1.0. The issue is located in the /orders/view_order.php file, where an attacker can manipulate the 'id' parameter. This manipulation may allow unauthorized access to sensitive data, thereby compromising the application's data integrity and security. The vulnerability can be exploited remotely, making it imperative for users and administrators to take proactive measures to patch and secure their systems.",Sourcecodester,Online Eyewear Shop,5.3,MEDIUM,0.00044999999227002263,false,,false,false,true,2025-01-02T17:31:05.000Z,true,false,false,,2025-01-02T17:31:05.618Z,0
CVE-2024-13069,https://securityvulnerability.io/vulnerability/CVE-2024-13069,Cross Site Scripting Vulnerability in SourceCodester Multi Role Login System,"A cross site scripting vulnerability exists within the SourceCodester Multi Role Login System 1.0, specifically affecting the /endpoint/add-user.php file. This vulnerability is triggered by manipulating the 'name' argument, enabling attackers to execute arbitrary scripts in the context of a victim's browser. As a result, sensitive information may be exposed, and malicious actions can be performed without the user’s consent. This vulnerability can be exploited remotely, heightening the risk to systems that utilize this product. The exploit has been publicly disclosed, increasing the urgency for affected users to address this security issue promptly.",Sourcecodester,Multi Role Login System,5.3,MEDIUM,0.00044999999227002263,false,,false,false,true,2024-12-31T10:38:12.000Z,true,false,false,,2024-12-31T10:38:12.305Z,0
CVE-2024-13021,https://securityvulnerability.io/vulnerability/CVE-2024-13021,Cross-Site Scripting Vulnerability in SourceCodester Road Accident Map Marker,"A cross-site scripting vulnerability has been identified in the SourceCodester Road Accident Map Marker version 1.0. This vulnerability affects the file /endpoint/add-mark.php, where the manipulation of the parameter 'mark_name' can lead to unauthorized script execution in the user's browser. This weakness allows remote attackers to inject malicious scripts, potentially compromising user data and session integrity. The exploit is publicly disclosed and may pose a significant risk, as other vulnerable parameters could also be leveraged to initiate similar attacks.",Sourcecodester,Road Accident Map Marker,5.3,MEDIUM,0.00044999999227002263,false,,false,false,true,2024-12-29T19:31:05.000Z,true,false,false,,2024-12-29T19:31:05.923Z,0
CVE-2024-12357,https://securityvulnerability.io/vulnerability/CVE-2024-12357,File Inclusion Vulnerability in SourceCodester Best House Rental Management System,"CVE-2024-12357 identifies a significant file inclusion vulnerability in the SourceCodester Best House Rental Management System version 1.0. The flaw resides in the manipulation of the 'page' argument in the 'index.php' file, which permits attackers to include arbitrary files on the server. This vulnerability can be exploited remotely, leading to potential unauthorized access to sensitive files and critical system information. It has been publicly disclosed, raising concerns about the exposure of affected systems.",Sourcecodester,Best House Rental Management System,5.3,MEDIUM,0.0005200000014156103,false,,false,false,true,2024-12-09T04:31:09.000Z,true,false,false,,2024-12-09T04:31:09.257Z,0
CVE-2024-12355,https://securityvulnerability.io/vulnerability/CVE-2024-12355,Input Validation Flaw in SourceCodester Phone Contact Manager System,"CVE-2024-12355 represents a significant security vulnerability found in the SourceCodester Phone Contact Manager System version 1.0. The issue lies within the ContactBook::adding function located in ContactBook.cpp, where improper input validation allows for potential exploitation. This flaw requires local access to execute an attack, but due to its nature, once leveraged, it can lead to severe consequences, including unauthorized data manipulation or system compromise. The vulnerability has been publicly disclosed, increasing the urgency for users to apply necessary patches or implement mitigating controls as soon as possible.",Sourcecodester,Phone Contact Manager System,7.8,HIGH,0.0004199999966658652,false,,false,false,true,2024-12-09T01:31:07.000Z,true,false,false,,2024-12-09T01:31:07.752Z,0
CVE-2024-12354,https://securityvulnerability.io/vulnerability/CVE-2024-12354,Buffer Overflow Vulnerability in SourceCodester Phone Contact Manager System,"A critical buffer overflow vulnerability has been identified in the UserInterface::MenuDisplayStart function of the User Menu component within SourceCodester Phone Contact Manager System version 1.0. This vulnerability allows an attacker to manipulate the function, potentially leading to local code execution and unauthorized access to sensitive information. The exploit has already been disclosed, making this a pressing concern for users of the affected software. Users are strongly advised to apply necessary patches or employ mitigation strategies to protect against potential attacks.",Sourcecodester,Phone Contact Manager System,7.8,HIGH,0.0006000000284984708,false,,false,false,true,2024-12-09T01:31:05.000Z,true,false,false,,2024-12-09T01:31:05.768Z,0
CVE-2024-12353,https://securityvulnerability.io/vulnerability/CVE-2024-12353,Input Validation Flaw in SourceCodester Phone Contact Manager System,"CVE-2024-12353 is a high-risk input validation vulnerability in SourceCodester's Phone Contact Manager System version 1.0. It affects the UserInterface::MenuDisplayStart function in the User Menu component, where improper validation of user-inputted arguments can be exploited. This vulnerability requires local access to execute, exposing systems to potential unauthorized actions or data manipulation if exploited. The flaw has been publicly disclosed, which heightens its significance for users of this software. Maintaining robust input validation mechanisms is critical to mitigating the risk of such vulnerabilities.",Sourcecodester,Phone Contact Manager System,7.8,HIGH,0.0006000000284984708,false,,false,false,true,2024-12-09T01:00:19.000Z,true,false,false,,2024-12-09T01:00:19.368Z,0
CVE-2024-11860,https://securityvulnerability.io/vulnerability/CVE-2024-11860,Improper Authorization Found in SourceCodester Best House Rental Management System,"CVE-2024-11860 is a critical security vulnerability identified in the SourceCodester Best House Rental Management System version 1.0. The flaw resides in the POST request handler, specifically at the file /rental/ajax.php, where it manipulates the 'id' argument leading to improper authorization of tenant deletion actions. This vulnerability can be exploited remotely, allowing unauthorized users to delete tenant records without sufficient permissions. The exploit for this vulnerability has been publicly disclosed, emphasizing the urgent need for affected users to implement security measures or patches to protect their systems.",Sourcecodester,Best House Rental Management System,6.5,MEDIUM,0.0005300000193528831,false,,false,false,true,2024-11-27T16:31:05.000Z,true,false,false,,2024-11-27T16:31:05.325Z,0
CVE-2024-11743,https://securityvulnerability.io/vulnerability/CVE-2024-11743,Cross-Site Request Forgery Vulnerability in SourceCodester Best House Rental Management System,"CVE-2024-11743 pertains to a significant vulnerability found in the SourceCodester Best House Rental Management System 1.0. This issue arises from a flaw in the /rental/ajax.php?action=delete_user function, specifically within the POST Request Handler component. The vulnerability can be exploited through cross-site request forgery (CSRF), allowing attackers to perform unauthorized actions on behalf of authenticated users. This poses a considerable risk as it can be executed remotely, making it imperative for users and administrators to implement countermeasures swiftly following the disclosure of the exploit.",Sourcecodester,Best House Rental Management System,4.3,MEDIUM,0.0005200000014156103,false,,false,false,true,2024-11-26T20:00:16.000Z,true,false,false,,2024-11-26T20:00:16.395Z,0
CVE-2024-11742,https://securityvulnerability.io/vulnerability/CVE-2024-11742,Cross-Site Scripting Vulnerability in SourceCodester Rental Management System,"CVE-2024-11742 is a high-risk cross-site scripting (XSS) vulnerability found in SourceCodester's Best House Rental Management System version 1.0. The vulnerability is triggered through insufficient input validation in the '/rental/ajax.php?action=save_tenant' endpoint. Specifically, parameters such as 'lastname', 'firstname', and 'middlename' can be manipulated to inject malicious scripts. This allows attackers to execute arbitrary JavaScript in the user’s browser session, potentially leading to unauthorized access to sensitive data. The issue can be exploited remotely, making it critical for any users of the application to apply appropriate security measures and updates.",Sourcecodester,Best House Rental Management System,5.4,MEDIUM,0.0006600000197067857,false,,false,false,true,2024-11-26T20:00:13.000Z,true,false,false,,2024-11-26T20:00:13.454Z,0
CVE-2024-11262,https://securityvulnerability.io/vulnerability/CVE-2024-11262,Stack-based Buffer Overflow in SourceCodester Student Record Management System,"A critical vulnerability has been identified in the SourceCodester Student Record Management System version 1.0, specifically within the 'View All Student Marks' component. This vulnerability manifests as a stack-based buffer overflow that occurs in the main function. Attackers can exploit this weakness locally, potentially leading to unauthorized access or execution of arbitrary code. The details of this vulnerability have been publicly disclosed, raising concerns about the security of systems using this software. It is crucial for users to assess their systems for potential exposure and mitigate the risk.",Sourcecodester,Student Record Management System,7.8,HIGH,0.0006000000284984708,false,,false,false,true,2024-11-15T23:15:00.000Z,true,false,false,,2024-11-15T23:15:00.000Z,0
CVE-2024-11261,https://securityvulnerability.io/vulnerability/CVE-2024-11261,Memory Corruption Vulnerability in SourceCodester Student Record Management System,"A critical memory corruption vulnerability has been identified in the SourceCodester Student Record Management System version 1.0, specifically within the Number of Students Menu functionality found in the StudentRecordManagementSystem.cpp file. This vulnerability enables an attacker with local access to manipulate memory allocation, potentially leading to unauthorized actions or system crashes. The exploit details have been publicly disclosed, prompting users of the affected version to prioritize immediate remediation measures to protect their systems against potential attacks.",Sourcecodester,Student Record Management System,6.1,MEDIUM,0.0006000000284984708,false,,false,false,true,2024-11-15T22:15:00.000Z,true,false,false,,2024-11-15T22:15:00.000Z,0
CVE-2024-11102,https://securityvulnerability.io/vulnerability/CVE-2024-11102,Cross-Site Scripting Vulnerability in Hospital Management System,A vulnerability was found in SourceCodester Hospital Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /vm/doctor/edit-doc.php. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.,Sourcecodester,Hospital Management System,4.8,MEDIUM,0.0007200000109151006,false,,false,false,true,2024-11-12T04:00:14.000Z,true,false,false,,2024-11-12T04:00:14.685Z,0
CVE-2024-11097,https://securityvulnerability.io/vulnerability/CVE-2024-11097,Infinite Loop Vulnerability Affects SourceCodester Student Record Management System,A vulnerability has been found in SourceCodester Student Record Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the component Main Menu. The manipulation leads to infinite loop. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.,Sourcecodester,Student Record Management System,5.5,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-11-12T02:00:13.000Z,true,false,false,,2024-11-12T02:00:13.839Z,0
CVE-2024-11054,https://securityvulnerability.io/vulnerability/CVE-2024-11054,Unrestricted File Upload Vulnerability in SourceCodester Simple Music Cloud System,"A significant vulnerability has been identified within the SourceCodester Simple Music Cloud Community System version 1.0, specifically in the '/music/ajax.php?action=signup' endpoint. This flaw permits an unrestricted file upload through manipulation of the 'pp' argument, leading to potential remote exploitation. Attackers may exploit this vulnerability to upload arbitrary files, which could have serious implications for the security of the affected system, including the possibility of executing malicious code and gaining unauthorized access. Given that the exploit has been publicly disclosed, it is crucial for users of this software to implement appropriate security measures and updates to mitigate the risks associated with this vulnerability.",Sourcecodester,Simple Music Cloud Community System,9.8,CRITICAL,0.0006300000241026282,false,,false,false,true,2024-11-10T09:31:14.000Z,true,false,false,,2024-11-10T09:31:14.057Z,0
CVE-2024-10990,https://securityvulnerability.io/vulnerability/CVE-2024-10990,SQL Injection Vulnerability in SourceCodester Online Veterinary Appointment System,"A significant SQL Injection vulnerability has been identified in the SourceCodester Online Veterinary Appointment System version 1.0. The flaw lies within the '/admin/services/view_service.php' file, where the manipulation of the 'id' parameter can lead to unauthorized SQL command execution. This vulnerability poses an alarming risk, as it can be exploited remotely and requires no authentication. It has been publicly disclosed and could enable attackers to access sensitive user data, alter information, or compromise the underlying database structure.",Sourcecodester,Online Veterinary Appointment System,8.8,HIGH,0.00171999994199723,false,,false,false,true,2024-11-08T04:31:05.000Z,true,false,false,,2024-11-08T04:31:05.695Z,0
CVE-2024-10559,https://securityvulnerability.io/vulnerability/CVE-2024-10559,Buffer Overflow Vulnerability in Airport Booking Management System,"A vulnerability exists within the SourceCodester Airport Booking Management System version 1.0, specifically in the Passport Number Handler function. This issue is characterized by a buffer overflow that could allow an attacker to manipulate memory resources. Local exploitation is necessary for this vulnerability to be successfully executed. With public disclosure of the exploit, urgent action is required to protect systems from potential attacks.",Sourcecodester,Airport Booking Management System,7.8,HIGH,0.0006000000284984708,false,,false,false,true,2024-10-31T02:00:14.000Z,true,false,false,,2024-10-31T02:00:14.095Z,0
CVE-2024-10422,https://securityvulnerability.io/vulnerability/CVE-2024-10422,SQL Injection Vulnerability in SourceCodester Attendance and Payroll System,"A critical SQL injection vulnerability has been identified in SourceCodester Attendance and Payroll System version 1.0. This vulnerability arises from improper handling of user input in the /admin/overtime_add.php file, specifically through the manipulation of the 'id' argument. Attackers can exploit this flaw remotely, leading to unauthorized access to the database and potential extraction or alteration of sensitive data. The vulnerability has been publicly disclosed, highlighting the urgency for affected organizations to implement necessary security measures and update their systems. For more details, you can refer to the vulnerability database and advisories.",Sourcecodester,Attendance And Payroll System,9.8,CRITICAL,0.003949999809265137,false,,false,false,true,2024-10-27T17:31:05.000Z,true,false,false,,2024-10-27T17:31:05.110Z,0
CVE-2024-10421,https://securityvulnerability.io/vulnerability/CVE-2024-10421,SQL Injection Vulnerability in SourceCodester Attendance and Payroll System,"A serious SQL injection vulnerability has been identified in SourceCodester's Attendance and Payroll System version 1.0. This security flaw is located in the overtime_row.php file and is triggered by manipulating the 'id' argument, allowing attackers to execute unauthorized SQL commands remotely. Given the nature of this vulnerability, it poses a significant risk to data integrity and confidentiality, making it crucial for users to apply recommended security measures immediately. Comprehensive remediation strategies should be employed to mitigate the potential impact of an exploit.",Sourcecodester,Attendance And Payroll System,9.8,CRITICAL,0.001820000004954636,false,,false,false,true,2024-10-27T17:00:07.000Z,true,false,false,,2024-10-27T17:00:07.072Z,0
CVE-2024-10420,https://securityvulnerability.io/vulnerability/CVE-2024-10420,File Upload Vulnerability in SourceCodester Attendance and Payroll System,"A serious file upload vulnerability has been identified in the SourceCodester Attendance and Payroll System version 1.0. The flaw exists due to inadequate validation of user inputs in the file upload feature located in update.php. The vulnerability allows unauthenticated attackers to upload malicious files, which could lead to remote code execution and full system compromise. This security issue has been made publicly known, increasing the risk of exploitation. Organizations using this software should prioritize patching or mitigating the vulnerability to protect their systems against potential attacks.",Sourcecodester,Attendance And Payroll System,9.8,CRITICAL,0.003909999970346689,false,,false,false,true,2024-10-27T15:31:04.000Z,true,false,false,,2024-10-27T15:31:04.852Z,0
CVE-2024-10413,https://securityvulnerability.io/vulnerability/CVE-2024-10413,Unrestricted File Upload Vulnerability in SourceCodester Online Hotel Reservation System,"A serious security flaw exists within the SourceCodester Online Hotel Reservation System, specifically in version 1.0, where the 'upload' function in '/guest/update.php' is susceptible to unrestricted file uploads. This vulnerability allows attackers to upload malicious files without adequate validation, potentially leading to unauthorized remote code execution. The exploit can be executed remotely, raising significant concerns for any installations of this system as it compromises the application's integrity and data security. Awareness and prompt action are crucial to mitigate the risks associated with this vulnerability.",Sourcecodester,Online Hotel Reservation System,9.8,CRITICAL,0.003909999970346689,false,,false,false,true,2024-10-27T09:31:04.000Z,true,false,false,,2024-10-27T09:31:04.379Z,0