Ahmad Marzook

8 exploits Active since Mar 2026
CVE-2026-5960 WRITEUP MEDIUM WRITEUP
code-projects Patient Record Management System SQL Database Backup File hcpms.sql information disclosure
A weakness has been identified in code-projects Patient Record Management System 1.0. This affects an unknown part of the file /db/hcpms.sql of the component SQL Database Backup File Handler. Executing a manipulation can lead to information disclosure. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
CVSS 4.3
CVE-2026-5847 WRITEUP MEDIUM WRITEUP
code-projects Movie Ticketing System SQL Database Backup File moviedb.sql information disclosure
A vulnerability has been found in code-projects Movie Ticketing System 1.0. Impacted is an unknown function of the file /db/moviedb.sql of the component SQL Database Backup File Handler. Such manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 4.3
CVE-2026-5240 WRITEUP MEDIUM WRITEUP
code-projects BloodBank Managing System admin_state.php cross site scripting
A security vulnerability has been detected in code-projects BloodBank Managing System 1.0. This affects an unknown part of the file /admin_state.php. The manipulation of the argument statename leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.
CVSS 4.3
CVE-2026-4972 WRITEUP LOW WRITEUP
code-projects Online Reviewer System btn_functions.php cross site scripting
A security vulnerability has been detected in code-projects Online Reviewer System up to 1.0. Affected is an unknown function of the file /system/system/students/assessments/databank/btn_functions.php. Such manipulation of the argument Description leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
CVSS 2.4
CVE-2026-4898 WRITEUP MEDIUM WRITEUP
code-projects Online Food Ordering System contact.php cross site scripting
A vulnerability was identified in code-projects Online Food Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /dbfood/contact.php. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
CVSS 4.3
CVE-2026-4899 WRITEUP LOW WRITEUP
code-projects Online Food Ordering System food.php cross site scripting
A security flaw has been discovered in code-projects Online Food Ordering System 1.0. Affected by this issue is some unknown functionality of the file /dbfood/food.php. The manipulation of the argument cuisines results in cross site scripting. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
CVSS 2.4
CVE-2026-4900 WRITEUP MEDIUM WRITEUP
code-projects Online Food Ordering System localhost.sql privilege escalation
A weakness has been identified in code-projects Online Food Ordering System 1.0. This affects an unknown part of the file /dbfood/localhost.sql. This manipulation causes files or directories accessible. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. It is advisable to modify the configuration settings.
CVSS 5.3
CVE-2026-4835 WRITEUP LOW WRITEUP
code-projects Accounting System Web Application add_costumer.php cross site scripting
A security vulnerability has been detected in code-projects Accounting System 1.0. Impacted is an unknown function of the file /my_account/add_costumer.php of the component Web Application Interface. Such manipulation of the argument costumer_name leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
CVSS 3.5