Filtered by vendor Code-projects
Total: 1024 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-70151 | 2 Code-projects, Fabian | 2 Scholars Tracking System, Scholars Tracking System | 2026-02-23 | 8.8 High |
| code-projects Scholars Tracking System 1.0 allows an authenticated attacker to achieve remote code execution via unrestricted file upload. The endpoints update_profile_picture.php and upload_picture.php store uploaded files in a web-accessible uploads/ directory using the original, user-supplied filename without validating the file type or extension. By uploading a PHP file and then requesting it from /uploads/, an attacker can execute arbitrary PHP code as the web server user. | ||||
| CVE-2025-15409 | 2 Anisha, Code-projects | 2 Online Guitar Store, Online Guitar Store | 2026-02-23 | 7.3 High |
| A vulnerability was determined in code-projects Online Guitar Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/Delete_product.php. Executing a manipulation of the argument del_pro can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-15408 | 2 Anisha, Code-projects | 2 Online Guitar Store, Online Guitar Store | 2026-02-23 | 7.3 High |
| A vulnerability was found in code-projects Online Guitar Store 1.0. Affected is an unknown function of the file /admin/Create_product.php. Performing a manipulation of the argument dre_title results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-0586 | 2 Code-projects, Fabian | 2 Online Product Reservation System, Online Product Reservation System | 2026-02-23 | 4.3 Medium |
| A vulnerability was detected in code-projects Online Product Reservation System 1.0. The affected element is an unknown function of the file handgunner-administrator/prod.php. Performing a manipulation of the argument cat results in cross site scripting. The attack is possible to be carried out remotely. The exploit is now public and may be used. | ||||
| CVE-2025-15410 | 2 Anisha, Code-projects | 2 Online Guitar Store, Online Guitar Store | 2026-02-23 | 7.3 High |
| A vulnerability was identified in code-projects Online Guitar Store 1.0. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument L_email leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. | ||||
| CVE-2025-15407 | 2 Anisha, Code-projects | 2 Online Guitar Store, Online Guitar Store | 2026-02-23 | 7.3 High |
| A vulnerability has been found in code-projects Online Guitar Store 1.0. This impacts an unknown function of the file /admin/Create_category.php. Such manipulation of the argument dre_Ctitle leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-69565 | 2 Code-projects, Fabian | 2 Mobile Shop Management System, Mobile Shop Management System | 2026-02-18 | 9.8 Critical |
| code-projects Mobile Shop Management System 1.0 is vulnerable to File Upload in /ExAddProduct.php. | ||||
| CVE-2025-69559 | 2 Carmelo, Code-projects | 2 Computer Book Store, Computer Book Store | 2026-02-03 | 9.8 Critical |
| code-projects Computer Book Store 1.0 is vulnerable to File Upload in admin_add.php. | ||||
| CVE-2025-69562 | 2 Code-projects, Fabian | 2 Mobile Shop Management System, Mobile Shop Management System | 2026-02-03 | 9.8 Critical |
| code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /insertmessage.php via the userid parameter. | ||||
| CVE-2025-69563 | 2 Code-projects, Fabian | 2 Mobile Shop Management System, Mobile Shop Management System | 2026-02-03 | 9.8 Critical |
| code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /ExLogin.php via the Password parameter. | ||||
| CVE-2025-69564 | 2 Code-projects, Fabian | 2 Mobile Shop Management System, Mobile Shop Management System | 2026-02-02 | 9.8 Critical |
| code-projects Mobile Shop Management System 1.0 is vulnerable to SQL Injection in /ExAddNewUser.php via the Name, Address, email, UserName, Password, confirm_password, Role, Branch, and Activate parameters. | ||||
| CVE-2024-25218 | 1 Code-projects | 1 Task Manager | 2026-01-27 | 4.6 Medium |
| A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Project Name parameter /TaskManager/Projects.php. | ||||
| CVE-2024-25220 | 1 Code-projects | 1 Task Manager | 2026-01-27 | 9.8 Critical |
| Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the taskID parameter at /TaskManager/EditTask.php. | ||||
| CVE-2024-25222 | 2 Code-projects, Task Manager In Php With Source Code Project | 2 Task Manager, Task Manager In Php With Source Code | 2026-01-27 | 9.8 Critical |
| Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the projectID parameter at /TaskManager/EditProject.php. | ||||
| CVE-2024-25219 | 2 Code-projects, Task Manager App | 2 Task Manager, Task Manager App | 2026-01-27 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Task Name parameter /TaskManager/Task.php. | ||||
| CVE-2024-25221 | 1 Code-projects | 1 Task Manager | 2026-01-27 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note Section parameter at /TaskManager/Tasks.php. | ||||
| CVE-2025-15208 | 2 Code-projects, Fabian | 2 Refugee Food Management System, Refugee Food Management System | 2026-01-07 | 7.3 High |
| A security flaw has been discovered in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/editrefugee.php. The manipulation of the argument rfid results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be exploited. | ||||
| CVE-2025-15197 | 2 Anirbandutta, Code-projects | 3 News-buzz, Content Management System, News-buzz | 2026-01-07 | 4.7 Medium |
| A security flaw has been discovered in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This vulnerability affects unknown code of the file /admin/editposts.php. Performing manipulation of the argument image results in unrestricted upload. The attack may be initiated remotely. The exploit has been released to the public and may be exploited. | ||||
| CVE-2025-14223 | 2 Carmelo, Code-projects | 2 Simple Leave Manager, Simple Leave Manager | 2026-01-07 | 7.3 High |
| A vulnerability has been found in code-projects Simple Leave Manager 1.0. Affected by this vulnerability is an unknown functionality of the file /request.php. Such manipulation of the argument staff_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-13241 | 2 Code-projects, Fabian | 2 Student Information System, Student Information System | 2026-01-07 | 7.3 High |
| A flaw has been found in code-projects Student Information System 2.0. This vulnerability affects unknown code of the file /index.php. Executing manipulation of the argument Username can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used. | ||||