Tag
CVE-2026-14732: SQL Injection in SourceCodester Class and Exam Timetabling System
1 rule 1 TTP 1 CVEA critical SQL injection vulnerability (CVE-2026-14732) in SourceCodester Class and Exam Timetabling System 1.0 allows remote, unauthenticated attackers to execute arbitrary SQL commands via manipulation of the `ID` argument in `/edit_exam.php`, leading to data exfiltration and potential system compromise.
CVE-2026-14719: SourceCodester Onlne Examination & Learning Management System Privilege Escalation
1 rule 2 TTPs 1 CVE 1 IOCA critical remote vulnerability (CVE-2026-14719) has been identified in SourceCodester Onlne Examination & Learning Management System version 1.0. The flaw resides in the Registration Endpoint, specifically within the 'register.php' file, where improper privilege management allows for manipulation of the 'role' argument, leading to unauthorized privilege escalation. A public exploit for this vulnerability has been published, increasing the immediate risk of exploitation.
CVE-2026-14713 — SQL Injection in SourceCodester Pizzafy E-Commerce System
1 rule 1 TTP 1 CVEA critical SQL injection vulnerability (CVE-2026-14713) exists in SourceCodester Pizzafy E-Commerce System version 1.0, allowing unauthenticated remote attackers to execute arbitrary SQL commands by manipulating the 'ID' argument in the `/admin/ajax.php?action=confirm_order` endpoint, potentially leading to data exfiltration or modification, with a public exploit available.
CVE-2026-14695: SourceCodester Multi-Vendor Online Grocery Management System SQL Injection
1 TTP 1 CVEA high-severity SQL injection vulnerability, CVE-2026-14695, exists in SourceCodester Multi-Vendor Online Grocery Management System 1.0, allowing remote attackers to manipulate the 'Name' argument within the `save_client` function of `classes/Users.php` to execute arbitrary SQL commands, with a public exploit available.
CVE-2026-14690: Improper Authorization in SourceCodester Multi-Vendor Online Grocery Management System
3 TTPs 1 CVEA high-severity improper authorization vulnerability (CVE-2026-14690) in the `save_users` function of SourceCodester Multi-Vendor Online Grocery Management System 1.0 allows remote unauthenticated attackers to manipulate user accounts, potentially leading to privilege escalation or unauthorized access, with a public exploit readily available.
CVE-2026-14654: Remote SQL Injection in SourceCodester Simple and Nice Shopping Cart Script
1 rule 1 TTP 1 CVE 7 IOCsA remote, unauthenticated SQL injection vulnerability (CVE-2026-14654) in SourceCodester Simple and Nice Shopping Cart Script 1.0 allows attackers to manipulate the `user_id` argument via `/admin/girlsproductdeletequery.php`, leading to database compromise, data exfiltration, or unauthorized access, with an exploit publicly available.
SQL Injection in SourceCodester Class and Exam Timetabling System (CVE-2026-14641)
1 rule 1 TTP 1 CVEA critical vulnerability, CVE-2026-14641, in SourceCodester Class and Exam Timetabling System version 1.0 allows for remote SQL injection via the 'ID' argument in the '/edit_course.php' file, enabling unauthenticated attackers to manipulate database queries with a publicly disclosed exploit.