PatchSiren

code-projects CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM code-projects CVE published 2026-07-04

CVE-2026-14660

A SQL injection vulnerability was found in the login.php file of Online Job Portal 1.0. The vulnerability allows remote attackers to inject malicious SQL code by manipulating the txtUser and txtPass arguments. The exploit has been made public and could be used by attackers to compromise the affected system. The vulnerability has a CVSS score of 5.5 and is classified as MEDIUM severity. The affected vendor [truncated]

LOW code-projects CVE published 2026-07-04

CVE-2026-14658

CVE-2026-14658 is a SQL injection vulnerability detected in Assessment Management 1.0. The vulnerability affects an unknown code section of the /lecturer/marking-scheme.php file. The manipulation of the smarksrange[] argument results in SQL injection. The attack can be launched remotely, and the exploit is now public. The CVSS score for this vulnerability is 2.1, indicating a low severity. The CVE was pub [truncated]

LOW code-projects CVE published 2026-07-04

CVE-2026-14657

A SQL injection vulnerability has been discovered in Assessment Management 1.0. The issue lies in the Database Query Handler of the /lecturer/marking-scheme.php file. An attacker can exploit this vulnerability remotely by manipulating the squestions[] argument. The exploit has been published and may be used. The CVSS score for this vulnerability is 2.1, indicating a low severity. The vulnerability was pub [truncated]

LOW code-projects CVE published 2026-07-04

CVE-2026-14656

CVE-2026-14656 is a cross site scripting vulnerability detected in Code-Projects Assessment Management 1.0. The vulnerability affects an unknown part of the file /admin/remove-user.php. The manipulation of the argument ID leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The CVSS score for this vulnerability is 2.1, indi [truncated]

LOW code-projects CVE published 2026-07-04

CVE-2026-14655

A low-severity cross-site scripting vulnerability has been identified in Code-Projects Assessment Management 1.0. The vulnerability affects an unknown functionality of the file admin/view-users.php and can be exploited remotely. The exploit has been made publicly available and could be used for attacks. The CVSS score for this vulnerability is 1.9, indicating a low severity. The vulnerability was publishe [truncated]

MEDIUM Code-Projects CVE published 2026-07-04

CVE-2026-14649

A SQL injection vulnerability was detected in Code-Projects Online Voting System 1.0. The impacted function is test_input in the file /saveVote.php. Performing a manipulation of the argument voterName/voterEmail/voterID/selectedCandidate results in SQL injection. The attack can be initiated remotely. This vulnerability has a CVSS score of 6.9 and a severity of MEDIUM.

LOW code-projects CVE published 2026-06-28

CVE-2026-13504

CVE-2026-13504 is a cross-site scripting vulnerability found in the Project Management System 1.0. The vulnerability affects the mail compose page, located at /mail.php, and allows an attacker to inject malicious scripts. The attack can be performed remotely, and the exploit has been publicly disclosed. The CVSS score for this vulnerability is 2, indicating a low severity. The vulnerability was published [truncated]

MEDIUM code-projects CVE published 2026-06-08

CVE-2026-11488

A SQL injection vulnerability has been discovered in the Simple Flight Ticket Booking System 1.0. The vulnerability affects an unknown part of the file checkUser.php, specifically the POST parameter handler for the Username argument. This allows for remote exploitation, and a public exploit has been disclosed.

MEDIUM code-projects CVE published 2026-06-05

CVE-2026-11342

A SQL injection vulnerability has been discovered in the Hotel and Tourism Reservation System 1.0. This vulnerability affects an unknown function of the file /details.php and can be exploited remotely by manipulating the 'room' argument. The vulnerability has been publicly disclosed and can be used by attackers. The CVSS score for this vulnerability is 5.5, indicating a medium severity.

MEDIUM code-projects CVE published 2026-06-01

CVE-2026-10262

A SQL injection vulnerability exists in the code-projects Real State Services 1.0 application, specifically within the /loginuser.php file's Login component. The Username parameter is susceptible to manipulation, allowing remote attackers to inject malicious SQL commands. The vulnerability has been publicly disclosed and proof-of-concept exploit information is available. The CVSS 4.0 vector indicates netw [truncated]

LOW code-projects CVE published 2026-06-01

CVE-2026-10209

A SQL injection vulnerability exists in the Online Hospital Management System 1.0 from code-projects. The flaw resides in the appointmentdetail.php file within the Appointment Handler component, where the editid parameter is improperly sanitized. An attacker with low privileges can manipulate this argument to inject malicious SQL commands remotely. The vulnerability has been publicly disclosed and an expl [truncated]

MEDIUM code-projects CVE published 2026-06-01

CVE-2026-10208

A SQL injection vulnerability exists in the Online Hospital Management System project. The flaw resides in the `login_user` function within `login_1.php`, where the `Username` parameter is improperly sanitized. An unauthenticated remote attacker can manipulate this argument to inject malicious SQL statements. The vulnerability has been publicly disclosed and proof-of-concept material is available. The CVS [truncated]

MEDIUM code-projects CVE published 2026-05-31

CVE-2026-10186

A SQL injection vulnerability exists in code-projects Online Hospital Management System 1.0, specifically within the /patient.php file. The editid parameter is susceptible to manipulation, allowing remote attackers to inject arbitrary SQL commands. The vulnerability has been publicly disclosed with available exploit information, increasing the risk of active exploitation. The CVSS 4.0 vector indicates net [truncated]

MEDIUM code-projects CVE published 2026-05-31

CVE-2026-10178

A SQL injection vulnerability exists in code-projects Online Music Site 1.0, specifically within the /Administrator/PHP/AdminEditAlbum.php file. The ID parameter is susceptible to manipulation, allowing remote attackers to inject arbitrary SQL commands. The vulnerability has been publicly disclosed and is rated MEDIUM severity with a CVSS score of 5.5. The weakness is classified under CWE-89 (SQL Injectio [truncated]

MEDIUM code-projects CVE published 2026-05-30

CVE-2026-10110

A SQL injection vulnerability exists in the Student Details Management System version 1.0, distributed via code-projects.org. The flaw resides in the /index.php endpoint and is reachable through manipulation of the 'roll' parameter. The attack vector is network-accessible and does not require authentication, allowing remote exploitation. The vulnerability has been publicly disclosed with available exploit details.

LOW code-projects CVE published 2026-05-25

CVE-2026-9451

A SQL injection vulnerability exists in code-projects Employee Management System 1.0, specifically in the /process/applyleaveprocess.php file. The vulnerability stems from improper sanitization of the 'ID' parameter, allowing remote attackers to inject malicious SQL commands. The CVSS 4.0 score of 2.1 (LOW severity) reflects limited privileges required and low impact on confidentiality, integrity, and ava [truncated]

LOW code-projects CVE published 2026-05-25

CVE-2026-9450

A SQL injection vulnerability exists in code-projects Employee Management System 1.0, specifically in the /psubmit.php file via the pid parameter. The vulnerability allows remote attackers to manipulate database queries. The CVSS 4.0 vector indicates network attack vector with low attack complexity, low privileges required, and no user interaction needed. The vulnerability has been publicly disclosed with [truncated]

LOW code-projects CVE published 2026-05-25

CVE-2026-9449

A SQL injection vulnerability exists in code-projects Employee Management System 1.0, affecting the /changepassemp.php file. The vulnerability allows remote attackers to manipulate SQL queries through unspecified input parameters. The CVSS 4.0 score of 2.1 reflects low severity with network attack vector, low attack complexity, and required privileges. The vulnerability was published on May 25, 2026, with [truncated]

LOW code-projects CVE published 2026-05-25

CVE-2026-9418

A cross-site scripting (XSS) vulnerability exists in code-projects Employee Management System 1.0, specifically within the /changepassemp.php file. The vulnerability stems from improper handling of the ID parameter, allowing remote attackers to inject malicious scripts. The CVSS 4.0 vector indicates network attack vector, low attack complexity, no required privileges, but requires user interaction, with p [truncated]

LOW code-projects CVE published 2026-05-25

CVE-2026-9416

A stored or reflected cross-site scripting (XSS) vulnerability exists in code-projects Employee Management System 1.0, specifically within the /myprofile.php endpoint. The vulnerability stems from improper sanitization of the 'ID' parameter, allowing remote attackers to inject malicious scripts. The CVSS 4.0 vector indicates network attack vector, low attack complexity, no required privileges, but require [truncated]