These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in SourceCodester Student Grades Management System 1.0. The vulnerability affects an unspecified component and can be exploited remotely. According to the source record, an exploit has been publicly released. The vulnerability was published to the CVE List on 2026-05-25 and last modified on 2026-05-26. The CVSS 4.0 vector indicates netw [truncated]
A cross-site scripting (XSS) vulnerability exists in SourceCodester Student Grades Management System 1.0, specifically within the students.php file. The vulnerability stems from improper sanitization of user-supplied input in the 'Remarks' parameter, allowing an attacker to inject malicious scripts. Successful exploitation requires a remote attacker to have low privileges and interact with a victim user i [truncated]
A low-severity improper authorization vulnerability exists in SourceCodester Student Grades Management System 1.0, specifically within the `getClassroomStudents` and `removeStudentFromClassroom` functions of `classroom.php`. The flaw stems from insufficient validation of the `classroom_id` parameter, allowing an authenticated attacker with low privileges to manipulate classroom identifiers and potentially [truncated]
A SQL injection vulnerability exists in SourceCodester Simple POS and Inventory System 1.0, specifically within the /user/search.php file. The vulnerability stems from improper sanitization of the 'Name' parameter, allowing remote attackers to inject malicious SQL commands. The CVSS 4.0 vector indicates network accessibility with low attack complexity, no required privileges or user interaction, and low i [truncated]
A vulnerability in SourceCodester Simple POS and Inventory System 1.0 allows authenticated remote attackers to upload files with unrestricted extensions via the image parameter in /admin/addproduct.php. The flaw stems from improper validation of file extensions in the File Extension Handler component, classified under CWE-434 (Unrestricted Upload of File with Dangerous Type) and CWE-284 (Improper Access C [truncated]
A SQL injection vulnerability exists in SourceCodester Simple POS and Inventory System 1.0, specifically within the delete function of /admin/deleteproduct.php. The vulnerability stems from improper sanitization of the ID parameter in GET requests, allowing remote attackers to manipulate database queries. The CVSS 4.0 score of 2.0 (LOW severity) reflects the requirement for high privileges (PR:H), though [truncated]
A cross-site scripting (XSS) vulnerability exists in SourceCodester Indian Invoicing System 1.0, specifically within the `/Invoicing/category.php` file. The `msg` parameter is susceptible to manipulation, allowing remote attackers to inject malicious scripts. The CVSS 4.0 vector indicates network attack vector with low attack complexity, no privileges required, but user interaction is required. The vulner [truncated]
A low-severity improper access control vulnerability affects SourceCodester Indian Invoicing System 1.0. The vulnerability resides in an unspecified backend endpoint and allows remote attackers to manipulate access controls. The issue was published on May 25, 2026, and modified on May 26, 2026. The exploit has been publicly disclosed and may be utilized. Multiple endpoints are affected. The vulnerability [truncated]
A SQL injection vulnerability exists in SourceCodester Indian Invoicing System 1.0, specifically within the /Invoicing/IGST_Invoice.php file's Invoice Generation Handler component. The vulnerability allows remote attackers to manipulate the customer_name or category parameters to inject malicious SQL commands. The CVSS 4.0 vector indicates network attack vector with low attack complexity, requiring low pr [truncated]
A stored cross-site scripting (XSS) vulnerability exists in SourceCodester SUP Online Shopping 1.0, specifically within the administrative product editing interface at /admin/productedit.php. The productName parameter lacks proper input sanitization, allowing authenticated administrators to inject malicious scripts. Successful exploitation requires high privileges (administrative access) and user interact [truncated]
A SQL injection vulnerability exists in SourceCodester Hospitals Patient Records Management System 1.0, specifically in the /classes/Master.php?f=save_patient_history endpoint. The vulnerability stems from improper sanitization of the 'ID' parameter, allowing remote attackers to inject malicious SQL commands. The CVSS 4.0 vector indicates network attack vector with low attack complexity, no privileges req [truncated]
A SQL injection vulnerability exists in SourceCodester Hospitals Patient Records Management System 1.0, specifically within the /admin/patients/view_history.php file. The vulnerability stems from improper input validation of the ID parameter, allowing remote attackers to manipulate SQL queries. The CVSS 4.0 vector indicates network attack vector with low attack complexity, no required privileges, and no u [truncated]
