Skip to content
Threat Feed

Tag

Sourcecodester

7 briefs RSS
high advisory

CVE-2026-14732: SQL Injection in SourceCodester Class and Exam Timetabling System

A critical SQL injection vulnerability (CVE-2026-14732) in SourceCodester Class and Exam Timetabling System 1.0 allows remote, unauthenticated attackers to execute arbitrary SQL commands via manipulation of the `ID` argument in `/edit_exam.php`, leading to data exfiltration and potential system compromise.

Class and Exam Timetabling System 1.0 sql-injection web-application cve sourcecodester initial-access
1r 1t 1c
high advisory

CVE-2026-14719: SourceCodester Onlne Examination & Learning Management System Privilege Escalation

A critical remote vulnerability (CVE-2026-14719) has been identified in SourceCodester Onlne Examination & Learning Management System version 1.0. The flaw resides in the Registration Endpoint, specifically within the 'register.php' file, where improper privilege management allows for manipulation of the 'role' argument, leading to unauthorized privilege escalation. A public exploit for this vulnerability has been published, increasing the immediate risk of exploitation.

Onlne Examination & Learning Management System 1.0 privilege-escalation web-application cve sourcecodester improper-privilege-management
1r 2t 1c 1i
high advisory

CVE-2026-14713 — SQL Injection in SourceCodester Pizzafy E-Commerce System

A critical SQL injection vulnerability (CVE-2026-14713) exists in SourceCodester Pizzafy E-Commerce System version 1.0, allowing unauthenticated remote attackers to execute arbitrary SQL commands by manipulating the 'ID' argument in the `/admin/ajax.php?action=confirm_order` endpoint, potentially leading to data exfiltration or modification, with a public exploit available.

Pizzafy E-Commerce System 1.0 sql-injection web-vulnerability cve sourcecodester e-commerce
1r 1t 1c
high advisory

CVE-2026-14695: SourceCodester Multi-Vendor Online Grocery Management System SQL Injection

A high-severity SQL injection vulnerability, CVE-2026-14695, exists in SourceCodester Multi-Vendor Online Grocery Management System 1.0, allowing remote attackers to manipulate the 'Name' argument within the `save_client` function of `classes/Users.php` to execute arbitrary SQL commands, with a public exploit available.

Multi-Vendor Online Grocery Management System 1.0 sql-injection web-vulnerability cve sourcecodester data-theft
1t 1c
high advisory

CVE-2026-14690: Improper Authorization in SourceCodester Multi-Vendor Online Grocery Management System

A high-severity improper authorization vulnerability (CVE-2026-14690) in the `save_users` function of SourceCodester Multi-Vendor Online Grocery Management System 1.0 allows remote unauthenticated attackers to manipulate user accounts, potentially leading to privilege escalation or unauthorized access, with a public exploit readily available.

Multi-Vendor Online Grocery Management System 1.0 vulnerability web-application improper-authorization cve sourcecodester
3t 1c
high advisory

CVE-2026-14654: Remote SQL Injection in SourceCodester Simple and Nice Shopping Cart Script

A remote, unauthenticated SQL injection vulnerability (CVE-2026-14654) in SourceCodester Simple and Nice Shopping Cart Script 1.0 allows attackers to manipulate the `user_id` argument via `/admin/girlsproductdeletequery.php`, leading to database compromise, data exfiltration, or unauthorized access, with an exploit publicly available.

Simple and Nice Shopping Cart Script 1.0 sql-injection web-vulnerability cve sourcecodester shopping-cart
1r 1t 1c 7i
high advisory

SQL Injection in SourceCodester Class and Exam Timetabling System (CVE-2026-14641)

A critical vulnerability, CVE-2026-14641, in SourceCodester Class and Exam Timetabling System version 1.0 allows for remote SQL injection via the 'ID' argument in the '/edit_course.php' file, enabling unauthenticated attackers to manipulate database queries with a publicly disclosed exploit.

Class and Exam Timetabling System 1.0 sql-injection web-application cve sourcecodester php
1r 1t 1c