Filtered by vendor Oretnom23
Subscriptions
Total
567 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-3692 | 1 Oretnom23 | 1 Online Eyewear Shop | 2025-04-29 | 2.4 Low |
| A vulnerability was found in SourceCodester Online Eyewear Shop 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=save_product. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-3589 | 1 Oretnom23 | 1 Music Class Enrollment System | 2025-04-29 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in SourceCodester Music Class Enrollment System 1.0. Affected is an unknown function of the file /manage_class.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-46293 | 2 Online Medicine Ordering System Project, Oretnom23 | 2 Online Medicine Ordering System, Online Medicine Ordering System | 2025-04-28 | 9.8 Critical |
| Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Incorrect Access Control. There is a lack of authorization checks for admin operations. Specifically, an attacker can perform admin-level actions without possessing a valid session token. The application does not verify whether the user is logged in as an admin or even check for a session token at all. | ||||
| CVE-2024-52675 | 2 Oretnom23, Sourcecodester | 2 Sentiment Based Movie Rating System, Sentiment Based Movie Rating System | 2025-04-24 | 9.8 Critical |
| SourceCodester Sentiment Based Movie Rating System 1.0 is vulnerable to SQL Injection in /msrps/movies.php. | ||||
| CVE-2023-44752 | 1 Oretnom23 | 1 Student Study Center Desk Management System | 2025-04-24 | 9.8 Critical |
| An issue in Student Study Center Desk Management System v1.0 allows attackers to bypass authentication via a crafted GET request to /php-sscdms/admin/login.php. | ||||
| CVE-2022-46089 | 1 Oretnom23 | 1 Online Flight Booking Management System | 2025-04-24 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in the add-airline form of Online Flight Booking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the airline parameter. | ||||
| CVE-2023-24204 | 1 Oretnom23 | 1 Simple Customer Relationship Management System | 2025-04-23 | 5.4 Medium |
| SQL injection vulnerability in SourceCodester Simple Customer Relationship Management System v1.0 allows attacker to execute arbitrary code via the name parameter in get-quote.php. | ||||
| CVE-2023-24203 | 1 Oretnom23 | 1 Simple Customer Relationship Management System | 2025-04-23 | 5.4 Medium |
| Cross Site Scripting vulnerability in SourceCodester Simple Customer Relationship Management System v1.0 allows attacker to execute arbitary code via the company or query parameter(s). | ||||
| CVE-2024-37858 | 2 Lost And Found Information System Project, Oretnom23 | 2 Lost And Found Information System, Lost And Found Information System | 2025-04-23 | 9.8 Critical |
| SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the id parameter to php-lfis/admin/categories/manage_category.php. | ||||
| CVE-2024-37859 | 2 Oretnom23, Sourcecodester | 2 Lost And Found Information System, Lost And Found Information System | 2025-04-23 | 6.1 Medium |
| Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the page parameter to php-lfis/admin/index.php. | ||||
| CVE-2024-37857 | 2 Oretnom23, Sourcecodester | 2 Lost And Found Information System, Lost And Found Information System | 2025-04-23 | 8.8 High |
| SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via id parameter to php-lfis/admin/categories/view_category.php. | ||||
| CVE-2024-48454 | 2 Oretnom23, Purchase Order Management System Project | 2 Purchase Order Management System, Purchase Order Management System | 2025-04-23 | 7.2 High |
| An issue in SourceCodester Purchase Order Management System v1.0 allows a remote attacker to execute arbitrary code via the /admin?page=user component | ||||
| CVE-2024-57522 | 1 Oretnom23 | 1 Packers And Movers Management System | 2025-04-22 | 6.4 Medium |
| SourceCodester Packers and Movers Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in Users.php. An attacker can inject a malicious script into the username or name field during user creation. | ||||
| CVE-2024-57523 | 1 Oretnom23 | 1 Packers And Movers Management System | 2025-04-22 | 4.5 Medium |
| Cross Site Request Forgery (CSRF) in Users.php in SourceCodester Packers and Movers Management System 1.0 allows attackers to create unauthorized admin accounts via crafted requests sent to an authenticated admin user. | ||||
| CVE-2024-50766 | 2 Oretnom23, Sourcecodester | 2 Survey Application System, Survey Application System | 2025-04-22 | 9.8 Critical |
| SourceCodester Survey Application System 1.0 is vulnerable to SQL Injection in takeSurvey.php via the id parameter. | ||||
| CVE-2024-40068 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | 5.9 Medium |
| Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at id_generator/admin/?page=templates/manage_template&id=1. | ||||
| CVE-2024-40069 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | 5.4 Medium |
| Sourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting (XSS) via id_generator/classes/Users.php?f=save, and the point of vulnerability is in the POST parameter 'firstname' and 'lastname'. | ||||
| CVE-2024-40070 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | 5.1 Medium |
| Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via id_generator/classes/Users.php?f=save. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2024-40071 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | 9.8 Critical |
| Sourcecodester Online ID Generator System 1.0 was discovered to contain an arbitrary file upload vulnerability via id_generator/classes/SystemSettings.php?f=update_settings. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2024-40072 | 1 Oretnom23 | 1 Online Id Generator System | 2025-04-22 | 9.8 Critical |
| Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at id_generator/admin/?page=generate/index&id=1. | ||||