6.9
CVE-2025-11615 - SourceCodester Best Salon Management System add_invoice.php sql injection
A security flaw has been discovered in SourceCodester Best Salon Management System 1.0. This affects an unknown part of the file /panel/add_invoice.php. Performing manipulation of the argument ServiceId results in sql injection. Remote exploitation of the attack is possible. The exploit has been reβ¦
6.9
CVE-2025-11614 - SourceCodester Best Salon Management System edit-appointment.php sql injection
A vulnerability was identified in SourceCodester Best Salon Management System 1.0. Affected by this issue is some unknown functionality of the file /panel/edit-appointment.php. Such manipulation of the argument editid leads to sql injection. The attack may be launched remotely. The exploit is publiβ¦
5.3
CVE-2025-11613 - code-projects Simple Food Ordering System addcategory.php sql injection
A vulnerability was found in code-projects Simple Food Ordering System 1.0. Affected is an unknown function of the file /addcategory.php. The manipulation of the argument cname results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used.
5.3
CVE-2025-11612 - code-projects Simple Food Ordering System addproduct.php sql injection
A vulnerability has been found in code-projects Simple Food Ordering System 1.0. This impacts an unknown function of the file /addproduct.php. The manipulation of the argument Category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and mayβ¦
5.3
CVE-2025-11611 - SourceCodester Simple Inventory System user.php sql injection
A weakness has been identified in SourceCodester Simple Inventory System 1.0. Impacted is an unknown function of the file /user.php. This manipulation of the argument uemail causes sql injection. The attack is possible to be carried out remotely. The exploit has been made available to the public anβ¦
5.3
CVE-2025-11610 - SourceCodester Simple Inventory System brand.php sql injection
A security flaw has been discovered in SourceCodester Simple Inventory System 1.0. This issue affects some unknown processing of the file /brand.php. The manipulation of the argument editBrandName results in sql injection. The attack can be executed remotely. The exploit has been released to the puβ¦
6.3
CVE-2025-11609 - code-projects Hospital Management System express-session hard-coded key
A flaw has been found in code-projects Hospital Management System 1.0. Affected is the function session of the component express-session. This manipulation of the argument secret with the input secret causes use of hard-coded cryptographic key . The attack can be initiated remotely. The attack is β¦
6.9
CVE-2025-11608 - code-projects E-Banking System POST Parameter register.php sql injection
A security vulnerability has been detected in code-projects E-Banking System 1.0. This affects an unknown function of the file /register.php of the component POST Parameter Handler. The manipulation of the argument username/password leads to sql injection. It is possible to initiate the attack remoβ¦
5.3
CVE-2025-11607 - harry0703 MoneyPrinterTurbo API Endpoint music.py upload_music path traversal
A weakness has been identified in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function upload_music of the file app/controllers/v1/music.py of the component API Endpoint. Executing a manipulation of the argument File can lead to path traversal. The attack may be performed fβ¦
5.3
CVE-2025-11606 - iPynch Social Network Website Search sql injection
A security flaw has been discovered in iPynch Social Network Website up to b6933b6d7f82c84819abe458ccf0e59d61119541. The affected element is an unknown function of the component Search. Performing manipulation results in sql injection. The attack is possible to be carried out remotely. The exploit β¦