yangfan2

4 exploits Active since Nov 2025
CVE-2025-13263 WRITEUP MEDIUM WRITEUP
SourceCodester Online Magazine Management System 1.0 - SQL Injection via categories.php c Parameter
A vulnerability was identified in SourceCodester Online Magazine Management System 1.0. Affected by this issue is some unknown functionality of the file /categories.php. The manipulation of the argument c leads to sql injection. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
CVSS 6.3
CVE-2025-13264 WRITEUP MEDIUM WRITEUP
SourceCodester Online Magazine Management System 1.0 - SQL Injection via /view_magazine.php ID Parameter
A security flaw has been discovered in SourceCodester Online Magazine Management System 1.0. This affects an unknown part of the file /view_magazine.php. The manipulation of the argument ID results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be exploited.
CVSS 6.3
CVE-2025-13267 WRITEUP MEDIUM WRITEUP
Dental Clinic Appointment Reservation System 1.0 - SQL Injection via Username/Password Parameter
A vulnerability was detected in SourceCodester Dental Clinic Appointment Reservation System 1.0. Impacted is an unknown function of the file /success.php. Performing manipulation of the argument username/password results in sql injection. The attack can be initiated remotely. The exploit is now public and may be used.
CVSS 6.3
CVE-2025-13564 WRITEUP MEDIUM WRITEUP
Pre-School Management System 1.0 - Denial of Service via Filepath Manipulation in FilehelperController
A security flaw has been discovered in SourceCodester Pre-School Management System 1.0. Impacted is the function removefile of the file app/controllers/FilehelperController.php. Performing manipulation of the argument filepath results in denial of service. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited.
CVSS 5.4