These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
A SQL injection vulnerability was found in the Simple and Nice Shopping Cart Script 1.0. The vulnerability affects an unknown function of the file /admin/login.php in the Admin Login component. The manipulation of the Username argument results in SQL injection. The attack can be launched remotely. The exploit has been made public and could be used. The CVSS score for this vulnerability is 5.5, with a seve [truncated]
A SQL injection vulnerability was identified in the Class and Exam Timetabling System 1.0. The vulnerability affects an unknown functionality of the /edit_class2.php file. The manipulation of the ID argument leads to SQL injection. The attack can be carried out remotely. The exploit is publicly available and might be used. The CVSS score for this vulnerability is 5.5, indicating a medium severity level.
A SQL injection vulnerability was discovered in the SourceCodester Class and Exam Timetabling System 1.0. The issue affects an unknown functionality within the /edit_course.php file. By manipulating the ID argument, an attacker can inject malicious SQL code, enabling remote attacks. The vulnerability has been publicly disclosed and may be exploited. Evidence from Vuldb and NVD confirms the vulnerability's [truncated]
A SQL injection vulnerability has been discovered in the Class and Exam Timetabling System 1.0. The affected component is an unknown function within the /preview4.php file. This vulnerability allows for SQL injection through manipulation of the course_year_section argument. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. The CVSS score for this vulnerabil [truncated]
CVE-2026-13486 is a SQL injection vulnerability in the SourceCodester Class and Exam Timetabling System 1.0. The vulnerability is located in the /preview6.php file, where an attacker can manipulate the course_year_section argument to inject malicious SQL code. This can be done remotely, and the exploit has been publicly disclosed. The vulnerability has a CVSS score of 5.5 and a severity of MEDIUM. The ven [truncated]
CVE-2026-13485 is a SQL injection vulnerability in the Class and Exam Timetabling System 1.0. The vulnerability affects an unknown function of the file /preview.php and can be exploited remotely by manipulating the course_year_section argument. The vulnerability has a CVSS score of 5.5 and a severity of MEDIUM. The exploit has been made public and could be used. The vendor is Unknown Vendor, and the produ [truncated]
CVE-2026-12529 is a MEDIUM severity vulnerability in the SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. The vulnerability affects an unknown function of the file /index.php of the component Student Self-Registration Endpoint, allowing for improper access controls. Remote exploitation of the attack is possible. Administrators and users of the system should be aware of this vu [truncated]
A vulnerability has been found in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. The impacted element is an unknown function of the file /index.php. The manipulation of the argument action leads to cross site scripting. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used.
A vulnerability has been found in SourceCodester Online Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affected by this issue is some unknown functionality of the file import_users.php. The manipulation of the argument raw_password with the input CICT_2026 leads to use of hard-coded password. The attack can be initiated remotely.
A weakness has been identified in SourceCodester Inventory System 1.0. The issue affects an unknown functionality of the file `header.php`, enabling cross-site scripting through manipulation. The attack can be initiated remotely, and a public exploit is available.
A security flaw has been discovered in SourceCodester Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /Product_Inventory/api/users_handler.php of the component Account Creation Handler. The manipulation of the argument ROLE results in improper authorization. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
A vulnerability was found in SourceCodester Barangay Resident Profiling and Information Management System 1.0. The affected component is the password reset handler in the file `password_reset.php`. Manipulating the `new_password` argument with the input `password123` leads to the use of a hard-coded password. This attack can be launched remotely. The exploit has been publicly disclosed and may be used.
A SQL injection vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. The vulnerability affects an unknown functionality of the file /archive1.php and can be exploited remotely. The exploit is publicly available.
CVE-2026-11485 is a SQL injection vulnerability in SourceCodester Class and Exam Timetabling System 1.0. The vulnerability has a CVSS score of 5.5 and was first published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-11485). The vulnerability affects an unknown function of the file /archive2.php and can be exploited remotely. The vulnerability is caused by manipulation of the argument sy, [truncated]
A weakness has been identified in SourceCodester Class and Exam Timetabling System 1.0. This impacts an unknown function of the file /archive3.php. This manipulation of the argument sy causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.
A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /archive4.php. The manipulation of the argument sy results in SQL injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.
A SQL injection vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. The vulnerability is located in an unknown function of the file /archive5.php and can be exploited remotely by manipulating the 'sy' argument. The vulnerability has a CVSS score of 5.5 and is rated as MEDIUM. The exploit is publicly available and might be used.
A SQL injection vulnerability was discovered in SourceCodester Class and Exam Timetabling System 1.0. The vulnerability affects an unknown function of the file /index1.php, specifically through manipulation of the Password argument. This vulnerability can be exploited remotely. The exploit has been publicly disclosed and may be utilized.
A SQL injection vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. The vulnerability is located in an unknown function of the file /index2.php and can be exploited remotely by manipulating the Password argument. The vulnerability has a CVSS score of 5.5 and is rated as MEDIUM.
A cross-site scripting vulnerability was detected in the SourceCodester Hospitals Patient Records Management System 1.0. The issue affects unknown processing of the file /admin/?page=room_types, where manipulation of the 'room' argument results in cross-site scripting. The attack can be carried out remotely.
A SQL injection vulnerability has been detected in the SourceCodester Ship Ferry Ticket Reservation System up to version 1.0. The vulnerability affects an unknown function in the `/admin/login.php` file of the Admin Login component. Manipulation of the `Username` argument leads to SQL injection, allowing remote attackers to execute the attack. The exploit has been publicly disclosed and may be used. The C [truncated]
A weakness has been identified in SourceCodester Ship Ferry Ticket Reservation System 1.0. This affects an unknown function of the file /admin/. This manipulation of the argument page causes improper authorization. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
A SQL injection vulnerability exists in SourceCodester Computer Repair Shop Management System up to version 1.0. The vulnerability is located in the /admin/products/manage_product.php file, where manipulation of the ID parameter allows an attacker to inject arbitrary SQL commands. The attack vector is network-based and does not require authentication, making it remotely exploitable. The vulnerability has [truncated]
A CSV injection vulnerability exists in SourceCodester Pharmacy Sales and Inventory System up to version 1.0, specifically within the Supplier Creation Interface. The flaw resides in the create_supplier function of the /Export_csv/export file, where the Address and Company Name parameters are not properly sanitized before being written to CSV output. An attacker with sufficient privileges can inject malic [truncated]
A stored cross-site scripting (XSS) vulnerability exists in SourceCodester Pharmacy Sales and Inventory System 1.0, specifically within the `create_generic_name` function accessible via the `/ShowForm/create_generic_name/main` endpoint. The `generic_name` parameter lacks sufficient input sanitization, allowing remote attackers to inject malicious scripts. The vulnerability requires low privileges (PR:L) a [truncated]
A stored cross-site scripting (XSS) vulnerability exists in SourceCodester Pharmacy Sales and Inventory System 1.0, specifically within the create_medicine_presentation function accessible via the /ShowForm/create_medicine_presentation/main endpoint. The medicine_presentation parameter accepts unsanitized input, allowing remote attackers to inject malicious scripts. The vulnerability has been publicly dis [truncated]
A stored cross-site scripting (XSS) vulnerability exists in SourceCodester Pharmacy Sales and Inventory System 1.0, specifically within the create_supplier function accessible via the /ShowForm/create_supplier/main endpoint. The company_name parameter lacks sufficient input sanitization, allowing remote attackers to inject malicious scripts. The vulnerability has been assigned a LOW severity CVSS score of [truncated]
A stored cross-site scripting (XSS) vulnerability exists in the SourceCodester Pharmacy Sales and Inventory System 1.0, specifically within the create_medicine_name function accessible via the /ShowForm/create_medicine_name/main file path. The vulnerability allows remote attackers to inject malicious scripts through the medicine_name parameter. The CVSS 4.0 vector indicates network attack vector, low atta [truncated]
A SQL injection vulnerability exists in SourceCodester Hospitals Patient Records Management System 1.0, specifically in the /classes/Users.php?f=save endpoint. The vulnerability is triggered by manipulation of the ID argument, allowing remote attackers to inject arbitrary SQL commands. The CVSS 4.0 vector indicates network attack vector with low complexity, no required privileges, and no user interaction, [truncated]
A SQL injection vulnerability exists in SourceCodester Hospitals Patient Records Management System 1.0, specifically in the /classes/Users.php?f=delete endpoint. The ID parameter is susceptible to manipulation, allowing remote attackers to inject arbitrary SQL commands. The vulnerability has been publicly disclosed with an exploit available, though no known active exploitation or ransomware campaign use h [truncated]
Cross-Site Scripting (XSS) vulnerability in SourceCodester Doctor Appointment System 1.0, affecting the user registration functionality in register.php due to improper input sanitization.
A missing authorization vulnerability in SourceCodester eDoc Doctor Appointment System 1.0 allows remote attackers to manipulate the ID parameter in /admin/delete-session.php without proper authentication. The vulnerability was disclosed publicly on 2026-05-26 with proof-of-concept materials available. The CVSS 4.0 vector indicates network attack vector with low attack complexity, no privileges required, [truncated]
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in SourceCodester Student Grades Management System 1.0. The vulnerability affects an unspecified component and can be exploited remotely. According to the source record, an exploit has been publicly released. The vulnerability was published to the CVE List on 2026-05-25 and last modified on 2026-05-26. The CVSS 4.0 vector indicates netw [truncated]
A cross-site scripting (XSS) vulnerability exists in SourceCodester Student Grades Management System 1.0, specifically within the students.php file. The vulnerability stems from improper sanitization of user-supplied input in the 'Remarks' parameter, allowing an attacker to inject malicious scripts. Successful exploitation requires a remote attacker to have low privileges and interact with a victim user i [truncated]
A low-severity improper authorization vulnerability exists in SourceCodester Student Grades Management System 1.0, specifically within the `getClassroomStudents` and `removeStudentFromClassroom` functions of `classroom.php`. The flaw stems from insufficient validation of the `classroom_id` parameter, allowing an authenticated attacker with low privileges to manipulate classroom identifiers and potentially [truncated]
A low-severity improper authorization vulnerability affects SourceCodester Student Grades Management System 1.0. The issue resides in the grades.php file, where manipulation of the student_id parameter allows an attacker with low privileges to bypass authorization controls. The attack vector is network-based, requires low attack complexity, and no user interaction. The vulnerability was disclosed publicly [truncated]
A SQL injection vulnerability exists in SourceCodester Simple POS and Inventory System 1.0, specifically within the /user/search.php file. The vulnerability stems from improper sanitization of the 'Name' parameter, allowing remote attackers to inject malicious SQL commands. The CVSS 4.0 vector indicates network accessibility with low attack complexity, no required privileges or user interaction, and low i [truncated]
A vulnerability in SourceCodester Simple POS and Inventory System 1.0 allows authenticated remote attackers to upload files with unrestricted extensions via the image parameter in /admin/addproduct.php. The flaw stems from improper validation of file extensions in the File Extension Handler component, classified under CWE-434 (Unrestricted Upload of File with Dangerous Type) and CWE-284 (Improper Access C [truncated]
A SQL injection vulnerability exists in SourceCodester Simple POS and Inventory System 1.0, specifically within the delete function of /admin/deleteproduct.php. The vulnerability stems from improper sanitization of the ID parameter in GET requests, allowing remote attackers to manipulate database queries. The CVSS 4.0 score of 2.0 (LOW severity) reflects the requirement for high privileges (PR:H), though [truncated]
A stored cross-site scripting (XSS) vulnerability exists in SourceCodester Indian Invoicing System up to version 1.0. The flaw resides in the `customer_name` parameter of `/Invoicing/add_order.php`, allowing remote attackers to inject malicious scripts that execute in the context of authenticated users. The vulnerability has been publicly disclosed with proof-of-concept material available. The CVSS 4.0 ve [truncated]
A cross-site scripting (XSS) vulnerability exists in SourceCodester Indian Invoicing System 1.0, specifically within the `/Invoicing/category.php` file. The `msg` parameter is susceptible to manipulation, allowing remote attackers to inject malicious scripts. The CVSS 4.0 vector indicates network attack vector with low attack complexity, no privileges required, but user interaction is required. The vulner [truncated]
A low-severity improper access control vulnerability affects SourceCodester Indian Invoicing System 1.0. The vulnerability resides in an unspecified backend endpoint and allows remote attackers to manipulate access controls. The issue was published on May 25, 2026, and modified on May 26, 2026. The exploit has been publicly disclosed and may be utilized. Multiple endpoints are affected. The vulnerability [truncated]
A SQL injection vulnerability exists in SourceCodester Indian Invoicing System 1.0, specifically within the /Invoicing/IGST_Invoice.php file's Invoice Generation Handler component. The vulnerability allows remote attackers to manipulate the customer_name or category parameters to inject malicious SQL commands. The CVSS 4.0 vector indicates network attack vector with low attack complexity, requiring low pr [truncated]
A stored cross-site scripting (XSS) vulnerability exists in SourceCodester SUP Online Shopping 1.0, specifically within the administrative product editing interface at /admin/productedit.php. The productName parameter lacks proper input sanitization, allowing authenticated administrators to inject malicious scripts. Successful exploitation requires high privileges (administrative access) and user interact [truncated]
A SQL injection vulnerability exists in SourceCodester Hospitals Patient Records Management System 1.0, specifically in the /classes/Master.php?f=save_patient_history endpoint. The vulnerability stems from improper sanitization of the 'ID' parameter, allowing remote attackers to inject malicious SQL commands. The CVSS 4.0 vector indicates network attack vector with low attack complexity, no privileges req [truncated]
A SQL injection vulnerability exists in SourceCodester Hospitals Patient Records Management System 1.0, specifically within the /admin/patients/view_history.php file. The vulnerability stems from improper input validation of the ID parameter, allowing remote attackers to manipulate SQL queries. The CVSS 4.0 vector indicates network attack vector with low attack complexity, no required privileges, and no u [truncated]