cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-1169,https://securityvulnerability.io/vulnerability/CVE-2025-1169,Cross-Site Scripting Vulnerability in SourceCodester Image Compressor Tool,"A cross-site scripting (XSS) vulnerability has been discovered in SourceCodester's Image Compressor Tool 1.0, specifically affecting the file /image-compressor/compressor.php. An attacker can exploit this vulnerability by manipulating the 'image' argument, potentially leading to unauthorized execution of scripts in the context of the affected user’s browser. This vulnerability can be initiated remotely, posing a significant risk to users by exposing them to malicious scripts. The issue has been publicly disclosed, highlighting the urgent need for remediation to protect sensitive data and maintain system integrity.",Sourcecodester,Image Compressor Tool,5.1,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-11T02:31:05.194Z,0
CVE-2025-1168,https://securityvulnerability.io/vulnerability/CVE-2025-1168,SQL Injection Vulnerability in SourceCodester Contact Manager,"A serious vulnerability has been identified in the SourceCodester Contact Manager, specifically in the /endpoint/delete-contact.php file. This issue arises from improper handling of the 'contact' argument, which can lead to SQL injection. An attacker can exploit this vulnerability remotely, allowing unauthorized access to database operations that may compromise user data. Given its public disclosure, immediate remediation measures are recommended to mitigate potential exploit attempts.",Sourcecodester,Contact Manager With Export To Vcf,5.3,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-11T02:00:10.382Z,0
CVE-2025-1166,https://securityvulnerability.io/vulnerability/CVE-2025-1166,Unrestricted File Upload Vulnerability in SourceCodester Food Menu Manager,"An unrestricted file upload vulnerability has been identified in SourceCodester Food Menu Manager version 1.0. This flaw resides in the endpoint 'update.php', which does not properly validate the files being uploaded. As a result, attackers can exploit this functionality remotely to upload arbitrary files onto the server, leading to potential malicious activities such as remote code execution and data leakage. The vulnerability has been publicly disclosed, raising significant security concerns for users of this software.",Sourcecodester,Food Menu Manager,5.3,MEDIUM,0.01,false,,false,false,true,2025-02-11T01:00:11.000Z,true,false,false,,2025-02-11T01:00:11.426Z,0
CVE-2025-1160,https://securityvulnerability.io/vulnerability/CVE-2025-1160,Default Credential Vulnerability in SourceCodester Employee Management System,"A vulnerability exists in the SourceCodester Employee Management System 1.0, specifically within the index.php file, where manipulation of the username and password arguments can lead to the exploitation of default credentials. This vulnerability allows an attacker to gain unauthorized access remotely, potentially compromising sensitive information and system integrity. As the exploit has already been publicly disclosed, immediate action to secure the affected systems is highly recommended.",Sourcecodester,Employee Management System,6.9,MEDIUM,0.01,false,,false,false,true,2025-02-10T22:31:04.000Z,true,false,false,,2025-02-10T22:31:04.690Z,0
CVE-2024-57523,https://securityvulnerability.io/vulnerability/CVE-2024-57523,Cross Site Request Forgery in SourceCodester Packers and Movers Management System,"The vulnerability in SourceCodester Packers and Movers Management System 1.0 exploits a Cross Site Request Forgery (CSRF) flaw in Users.php, enabling attackers to create unauthorized admin accounts. By sending specially crafted requests to an authenticated admin user, an intruder can bypass authentication mechanisms, posing a significant threat to account security and application integrity. Admin users must be vigilant to safeguard against such unauthorized access.",SourceCodester,Packers and Movers Management System,4.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-06T00:00:00.000Z,0
CVE-2020-36084,https://securityvulnerability.io/vulnerability/CVE-2020-36084,SQL Injection Vulnerability in SourceCodester Responsive E-Learning System,"A SQL injection vulnerability exists in the SourceCodester Responsive E-Learning System 1.0, which allows remote attackers to exploit the system by injecting SQL queries through the 'id' parameter in the '/elearning/delete_teacher_students.php' endpoint. This exploitation could lead to unauthorized access to the database, potentially allowing attackers to manipulate, retrieve, or delete sensitive information.",SourceCodester,Responsive E-Learning System,9.8,CRITICAL,0.0008500000112690032,false,,false,false,false,,false,false,false,,2025-02-05T00:00:00.000Z,0
CVE-2024-57522,https://securityvulnerability.io/vulnerability/CVE-2024-57522,XSS Vulnerability in SourceCodester Packers and Movers Management System,"The SourceCodester Packers and Movers Management System v1.0 has a security flaw that allows attackers to exploit Cross Site Scripting (XSS) vulnerabilities in the Users.php file. This vulnerability enables an attacker to inject malicious scripts into the username or name fields during user creation, potentially compromising user data and executing harmful actions within the user's browser. Proper input validation and output encoding mechanisms are essential to mitigate such vulnerabilities.",SourceCodester,Packers and Movers Management System,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-02-03T00:00:00.000Z,0
CVE-2025-0802,https://securityvulnerability.io/vulnerability/CVE-2025-0802,Improper Access Control in SourceCodester Best Employee Management System,"A vulnerability has been identified in the SourceCodester Best Employee Management System version 1.0, specifically within the /admin/View_user.php file of the Administrative Endpoint. This issue arises from improper access controls that may allow unauthorized remote access to sensitive functionalities of the application. This vulnerability poses significant risk, as it can be exploited remotely, potentially compromising user data and system integrity. The exploit has already been disclosed and is available for public access, emphasizing the need for immediate action to mitigate potential threats.",Sourcecodester,Best Employee Management System,6.9,MEDIUM,0.0005200000014156103,false,,false,false,true,2025-01-29T02:00:14.000Z,true,false,false,,2025-01-29T02:00:14.351Z,0
CVE-2025-0800,https://securityvulnerability.io/vulnerability/CVE-2025-0800,Cross-Site Scripting Vulnerability in SourceCodester Online Courseware,"A vulnerability has been identified in SourceCodester Online Courseware 1.0, specifically in the Edit Teacher function found in the file /pcci/admin/saveeditt.php. This flaw arises from improper handling of the 'fname' argument, enabling attackers to execute malicious scripts in the context of another user's session. The vulnerability poses a significant risk as it can be exploited remotely, allowing unauthorized users to inject arbitrary JavaScript into web pages viewed by other users. The publicly disclosed nature of this exploit heightens the urgency for remediation.",Sourcecodester,Online Courseware,5.1,MEDIUM,0.0006799999973736703,false,,false,false,false,,false,false,false,,2025-01-29T01:31:05.836Z,0
CVE-2025-0464,https://securityvulnerability.io/vulnerability/CVE-2025-0464,Cross Site Scripting Vulnerability in SourceCodester Task Reminder System,"A cross site scripting vulnerability has been identified in SourceCodester's Task Reminder System, specifically within the Maintenance Section component. This issue arises from improper handling of user input in the System Name argument, allowing attackers to execute arbitrary scripts in the context of a user's browser. The vulnerability is publicly disclosed and can be exploited remotely, posing significant risks to user data and application integrity.",SourceCodester,Task Reminder System,,,0.00044999999227002263,false,,false,false,false,,false,false,false,,2025-01-14T17:15:00.000Z,0
CVE-2024-55000,https://securityvulnerability.io/vulnerability/CVE-2024-55000,Cross-Site Scripting Vulnerability in Sourcecodester House Rental Management System,"The Sourcecodester House Rental Management System version 1.0 contains a Cross-Site Scripting (XSS) vulnerability in the rental/manage_categories.php file. This flaw allows attackers to inject malicious scripts into the web application, potentially compromising user data and session information. Proper validation and sanitization measures must be implemented to mitigate risks associated with this vulnerability. For more detailed analysis, please refer to the provided documentation.",Sourcecodester,House Rental Management System,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-14T15:15:00.000Z,0
CVE-2024-54818,https://securityvulnerability.io/vulnerability/CVE-2024-54818,Incorrect Access Control Vulnerability in SourceCodester Computer Laboratory Management System,"The SourceCodester Computer Laboratory Management System version 1.0 is vulnerable to an incorrect access control issue, which can be exploited through the endpoint /php-lms/admin/?page=user/list. This vulnerability allows unauthorized users to gain access to restricted resources, potentially compromising sensitive information and system integrity. Proper checks should be implemented to restrict access to sensitive administrative functions.",SourceCodester,,,,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-08T19:15:00.000Z,0
CVE-2025-0294,https://securityvulnerability.io/vulnerability/CVE-2025-0294,SQL Injection Vulnerability in SourceCodester Home Clean Services Management System,"A security vulnerability has been identified in the SourceCodester Home Clean Services Management System, specifically within the '/public_html/admin/process.php' file. This vulnerability allows an attacker to manipulate the argument types and lengths related to the 'business' parameter, resulting in an SQL injection that can be executed remotely. Given that the exploit has already been made public, it poses a significant risk to users of version 1.0 of this system. Other parameters may also be susceptible, highlighting the need for immediate attention and remediation.",Sourcecodester,Home Clean Services Management System,5.1,MEDIUM,0.00044999999227002263,false,,false,false,true,2025-01-07T13:31:05.000Z,true,false,false,,2025-01-07T13:31:05.577Z,0
CVE-2025-0173,https://securityvulnerability.io/vulnerability/CVE-2025-0173,SQL Injection Vulnerability in SourceCodester Online Eyewear Shop 1.0,"A SQL injection vulnerability has been identified in the SourceCodester Online Eyewear Shop version 1.0. The issue is located in the /orders/view_order.php file, where an attacker can manipulate the 'id' parameter. This manipulation may allow unauthorized access to sensitive data, thereby compromising the application's data integrity and security. The vulnerability can be exploited remotely, making it imperative for users and administrators to take proactive measures to patch and secure their systems.",Sourcecodester,Online Eyewear Shop,5.3,MEDIUM,0.00044999999227002263,false,,false,false,true,2025-01-02T17:31:05.000Z,true,false,false,,2025-01-02T17:31:05.618Z,0
CVE-2024-13069,https://securityvulnerability.io/vulnerability/CVE-2024-13069,Cross Site Scripting Vulnerability in SourceCodester Multi Role Login System,"A cross site scripting vulnerability exists within the SourceCodester Multi Role Login System 1.0, specifically affecting the /endpoint/add-user.php file. This vulnerability is triggered by manipulating the 'name' argument, enabling attackers to execute arbitrary scripts in the context of a victim's browser. As a result, sensitive information may be exposed, and malicious actions can be performed without the user’s consent. This vulnerability can be exploited remotely, heightening the risk to systems that utilize this product. The exploit has been publicly disclosed, increasing the urgency for affected users to address this security issue promptly.",Sourcecodester,Multi Role Login System,5.3,MEDIUM,0.00044999999227002263,false,,false,false,true,2024-12-31T10:38:12.000Z,true,false,false,,2024-12-31T10:38:12.305Z,0
CVE-2024-13021,https://securityvulnerability.io/vulnerability/CVE-2024-13021,Cross-Site Scripting Vulnerability in SourceCodester Road Accident Map Marker,"A cross-site scripting vulnerability has been identified in the SourceCodester Road Accident Map Marker version 1.0. This vulnerability affects the file /endpoint/add-mark.php, where the manipulation of the parameter 'mark_name' can lead to unauthorized script execution in the user's browser. This weakness allows remote attackers to inject malicious scripts, potentially compromising user data and session integrity. The exploit is publicly disclosed and may pose a significant risk, as other vulnerable parameters could also be leveraged to initiate similar attacks.",Sourcecodester,Road Accident Map Marker,5.3,MEDIUM,0.00044999999227002263,false,,false,false,true,2024-12-29T19:31:05.000Z,true,false,false,,2024-12-29T19:31:05.923Z,0
CVE-2024-12536,https://securityvulnerability.io/vulnerability/CVE-2024-12536,Kortex Lite Advocate Office Management System 1.0 Vulnerable to Cross-Site Scripting Attacks,"A vulnerability, which was classified as problematic, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected by this issue is some unknown functionality of the file /control/client_data.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.",Sourcecodester,Kortex Lite Advocate Office Management System,5.4,MEDIUM,0.0007200000109151006,false,,false,false,false,,,false,false,,2024-12-12T01:00:15.911Z,0
CVE-2024-12357,https://securityvulnerability.io/vulnerability/CVE-2024-12357,File Inclusion Vulnerability in SourceCodester Best House Rental Management System,"CVE-2024-12357 identifies a significant file inclusion vulnerability in the SourceCodester Best House Rental Management System version 1.0. The flaw resides in the manipulation of the 'page' argument in the 'index.php' file, which permits attackers to include arbitrary files on the server. This vulnerability can be exploited remotely, leading to potential unauthorized access to sensitive files and critical system information. It has been publicly disclosed, raising concerns about the exposure of affected systems.",Sourcecodester,Best House Rental Management System,5.3,MEDIUM,0.0005200000014156103,false,,false,false,true,2024-12-09T04:31:09.000Z,true,false,false,,2024-12-09T04:31:09.257Z,0
CVE-2024-12355,https://securityvulnerability.io/vulnerability/CVE-2024-12355,Input Validation Flaw in SourceCodester Phone Contact Manager System,"CVE-2024-12355 represents a significant security vulnerability found in the SourceCodester Phone Contact Manager System version 1.0. The issue lies within the ContactBook::adding function located in ContactBook.cpp, where improper input validation allows for potential exploitation. This flaw requires local access to execute an attack, but due to its nature, once leveraged, it can lead to severe consequences, including unauthorized data manipulation or system compromise. The vulnerability has been publicly disclosed, increasing the urgency for users to apply necessary patches or implement mitigating controls as soon as possible.",Sourcecodester,Phone Contact Manager System,7.8,HIGH,0.0004199999966658652,false,,false,false,true,2024-12-09T01:31:07.000Z,true,false,false,,2024-12-09T01:31:07.752Z,0
CVE-2024-12354,https://securityvulnerability.io/vulnerability/CVE-2024-12354,Buffer Overflow Vulnerability in SourceCodester Phone Contact Manager System,"A critical buffer overflow vulnerability has been identified in the UserInterface::MenuDisplayStart function of the User Menu component within SourceCodester Phone Contact Manager System version 1.0. This vulnerability allows an attacker to manipulate the function, potentially leading to local code execution and unauthorized access to sensitive information. The exploit has already been disclosed, making this a pressing concern for users of the affected software. Users are strongly advised to apply necessary patches or employ mitigation strategies to protect against potential attacks.",Sourcecodester,Phone Contact Manager System,7.8,HIGH,0.0006000000284984708,false,,false,false,true,2024-12-09T01:31:05.000Z,true,false,false,,2024-12-09T01:31:05.768Z,0
CVE-2024-12353,https://securityvulnerability.io/vulnerability/CVE-2024-12353,Input Validation Flaw in SourceCodester Phone Contact Manager System,"CVE-2024-12353 is a high-risk input validation vulnerability in SourceCodester's Phone Contact Manager System version 1.0. It affects the UserInterface::MenuDisplayStart function in the User Menu component, where improper validation of user-inputted arguments can be exploited. This vulnerability requires local access to execute, exposing systems to potential unauthorized actions or data manipulation if exploited. The flaw has been publicly disclosed, which heightens its significance for users of this software. Maintaining robust input validation mechanisms is critical to mitigating the risk of such vulnerabilities.",Sourcecodester,Phone Contact Manager System,7.8,HIGH,0.0006000000284984708,false,,false,false,true,2024-12-09T01:00:19.000Z,true,false,false,,2024-12-09T01:00:19.368Z,0
CVE-2024-11860,https://securityvulnerability.io/vulnerability/CVE-2024-11860,Improper Authorization Found in SourceCodester Best House Rental Management System,"CVE-2024-11860 is a critical security vulnerability identified in the SourceCodester Best House Rental Management System version 1.0. The flaw resides in the POST request handler, specifically at the file /rental/ajax.php, where it manipulates the 'id' argument leading to improper authorization of tenant deletion actions. This vulnerability can be exploited remotely, allowing unauthorized users to delete tenant records without sufficient permissions. The exploit for this vulnerability has been publicly disclosed, emphasizing the urgent need for affected users to implement security measures or patches to protect their systems.",Sourcecodester,Best House Rental Management System,6.5,MEDIUM,0.0005300000193528831,false,,false,false,true,2024-11-27T16:31:05.000Z,true,false,false,,2024-11-27T16:31:05.325Z,0
CVE-2024-11743,https://securityvulnerability.io/vulnerability/CVE-2024-11743,Cross-Site Request Forgery Vulnerability in SourceCodester Best House Rental Management System,"CVE-2024-11743 pertains to a significant vulnerability found in the SourceCodester Best House Rental Management System 1.0. This issue arises from a flaw in the /rental/ajax.php?action=delete_user function, specifically within the POST Request Handler component. The vulnerability can be exploited through cross-site request forgery (CSRF), allowing attackers to perform unauthorized actions on behalf of authenticated users. This poses a considerable risk as it can be executed remotely, making it imperative for users and administrators to implement countermeasures swiftly following the disclosure of the exploit.",Sourcecodester,Best House Rental Management System,4.3,MEDIUM,0.0005200000014156103,false,,false,false,true,2024-11-26T20:00:16.000Z,true,false,false,,2024-11-26T20:00:16.395Z,0
CVE-2024-11742,https://securityvulnerability.io/vulnerability/CVE-2024-11742,Cross-Site Scripting Vulnerability in SourceCodester Rental Management System,"CVE-2024-11742 is a high-risk cross-site scripting (XSS) vulnerability found in SourceCodester's Best House Rental Management System version 1.0. The vulnerability is triggered through insufficient input validation in the '/rental/ajax.php?action=save_tenant' endpoint. Specifically, parameters such as 'lastname', 'firstname', and 'middlename' can be manipulated to inject malicious scripts. This allows attackers to execute arbitrary JavaScript in the user’s browser session, potentially leading to unauthorized access to sensitive data. The issue can be exploited remotely, making it critical for any users of the application to apply appropriate security measures and updates.",Sourcecodester,Best House Rental Management System,5.4,MEDIUM,0.0006600000197067857,false,,false,false,true,2024-11-26T20:00:13.000Z,true,false,false,,2024-11-26T20:00:13.454Z,0
CVE-2024-52675,https://securityvulnerability.io/vulnerability/CVE-2024-52675,SQL Injection Flaw in SourceCodester Sentiment Based Movie Rating System,"The Sentiment Based Movie Rating System version 1.0 by SourceCodester is vulnerable to SQL Injection through the 'movies.php' file. This vulnerability allows an attacker to manipulate SQL queries by injecting malicious SQL code, potentially gaining access to sensitive data and compromising the integrity of the database.",SourceCodester,Sentiment Based Movie Rating System,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-19T00:00:00.000Z,0