asd1238525

17 exploits Active since Dec 2024
CVE-2024-12790 WRITEUP LOW WRITEUP
Hostel Management Site 1.0 - Cross-Site Scripting in room-details.php
A vulnerability was found in code-projects Hostel Management Site 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file room-details.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS 3.5
CVE-2025-10837 WRITEUP LOW WRITEUP
Simple Food Ordering System 1.0 - Cross-Site Scripting via ID Parameter in order.php
A security vulnerability has been detected in code-projects Simple Food Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /ordersimple/order.php. The manipulation of the argument ID leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
CVSS 3.5
CVE-2025-11074 WRITEUP HIGH WRITEUP
Code-Projects Project Monitoring System 1.0 - SQL Injection
A flaw has been found in code-projects Project Monitoring System 1.0. The impacted element is an unknown function of the file /login.php. This manipulation of the argument username/password causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.
CVSS 7.3
CVE-2025-11424 WRITEUP HIGH WRITEUP
Code-projects Web-Based Inventory & POS System 1.0 - SQL Injection
A vulnerability was determined in code-projects Web-Based Inventory and POS System 1.0. This impacts an unknown function of the file /login.php. Executing manipulation of the argument emailid can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
CVSS 7.3
CVE-2025-11431 WRITEUP MEDIUM WRITEUP
Code-projects Web-Based Inventory & POS System 1.0 - SQL Injection
A vulnerability was determined in code-projects Web-Based Inventory and POS System 1.0. The impacted element is an unknown function of the file /transaction.php. This manipulation of the argument shopid causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
CVSS 6.3
CVE-2025-11556 WRITEUP HIGH WRITEUP
Simple Leave Manager 1.0 - SQL Injection via User.php Table Parameter
A flaw has been found in code-projects Simple Leave Manager 1.0. This vulnerability affects unknown code of the file /user.php. This manipulation of the argument table causes sql injection. Remote exploitation of the attack is possible. The exploit has been published and may be used.
CVSS 7.3
CVE-2025-12244 WRITEUP MEDIUM WRITEUP
Simple E-Banking System 1.0 - Cross-Site Scripting via Username Parameter in Register Page
A vulnerability was determined in code-projects Simple E-Banking System 1.0. This affects an unknown part of the file /eBank/register.php. Executing manipulation of the argument Username can lead to cross site scripting. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized.
CVSS 4.3
CVE-2025-12593 WRITEUP MEDIUM WRITEUP
Simple Online Hotel Reservation System 2.0 - Unrestricted Upload
A vulnerability was identified in code-projects Simple Online Hotel Reservation System 2.0. The impacted element is an unknown function of the file /admin/edit_room.php of the component Photo Handler. The manipulation leads to unrestricted upload. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
CVSS 4.7
CVE-2025-12594 WRITEUP MEDIUM WRITEUP
Simple Online Hotel Reservation System 2.0 - SQL Injection
A security flaw has been discovered in code-projects Simple Online Hotel Reservation System 2.0. This affects an unknown function of the file /admin/add_account.php. The manipulation of the argument Name results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
CVSS 4.7
CVE-2025-13241 WRITEUP HIGH WRITEUP
code-projects Student Information System 2.0 - SQL Injection via Username Parameter
A flaw has been found in code-projects Student Information System 2.0. This vulnerability affects unknown code of the file /index.php. Executing manipulation of the argument Username can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used.
CVSS 7.3
CVE-2025-13245 WRITEUP LOW WRITEUP
Student Information System 2.0 - Cross-Site Scripting in /editprofile.php
A vulnerability was identified in code-projects Student Information System 2.0. The impacted element is an unknown function of the file /editprofile.php. Such manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
CVSS 3.5
CVE-2025-14531 WRITEUP MEDIUM WRITEUP
code-projects Rental Management System 2.0 - CRLF Injection
A vulnerability was found in code-projects Rental Management System 2.0. This affects an unknown function of the file Transaction.java of the component Log Handler. Performing manipulation results in crlf injection. The attack can be initiated remotely. The exploit has been made public and could be used.
CVSS 4.3
CVE-2025-14589 WRITEUP MEDIUM WRITEUP
Prison Management System 2.0 - SQL Injection
A weakness has been identified in code-projects Prison Management System 2.0. This issue affects some unknown processing of the file /admin/search.php. Executing a manipulation of the argument keyname can lead to sql injection. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks.
CVSS 6.3
CVE-2025-14590 WRITEUP HIGH WRITEUP
Prison Management System 2.0 - SQL Injection
A security vulnerability has been detected in code-projects Prison Management System 2.0. Impacted is an unknown function of the file /admin/search1.php. The manipulation of the argument keyname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.
CVSS 7.3
CVE-2025-14643 WRITEUP HIGH WRITEUP
Simple Attendance Record System 2.0 - SQL Injection
A vulnerability was found in code-projects Simple Attendance Record System 2.0. The affected element is an unknown function of the file /check.php. Performing manipulation of the argument student results in sql injection. Remote exploitation of the attack is possible. The exploit has been made public and could be used.
CVSS 7.3
CVE-2025-6352 WRITEUP MEDIUM WRITEUP
code-projects Automated Voting System 1.0 - Direct Request
A vulnerability classified as problematic has been found in code-projects Automated Voting System 1.0. Affected is an unknown function of the file /vote.php of the component Backend. The manipulation leads to direct request. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 5.3
CVE-2025-6353 WRITEUP LOW WRITEUP
Responsive Blog Site 1.0 - Cross-Site Scripting via Search Keyword Parameter
A vulnerability classified as problematic was found in code-projects Responsive Blog 1.0. Affected by this vulnerability is an unknown functionality of the file /search.php. The manipulation of the argument keyword leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS 3.5