SourceCodester

SourceCodester SEO Meta Tag Extractor 1.0 is vulnerable to server-side request forgery (SSRF) via manipulation of the 'url' argument in the get_headers function of the /index.php file, potentially allowing a remote attacker to make requests to internal or external systems.

A SQL injection vulnerability (CVE-2026-9447) exists in SourceCodester Simple POS and Inventory System 1.0, allowing remote attackers to execute arbitrary SQL commands by manipulating the 'Name' argument in the /user/search.php file.

A SQL injection vulnerability exists in SourceCodester Hospitals Patient Records Management System 1.0 within the /admin/patients/manage_history.php file, where manipulation of the ID argument can lead to remote exploitation.

SourceCodester Hospitals Patient Records Management System version 1.0 is vulnerable to SQL injection (CVE-2026-9355) via the ID parameter in the /classes/Master.php?f=save_patient_history endpoint, allowing a remote attacker to execute arbitrary SQL queries.

SourceCodester SUP Online Shopping 1.0 is vulnerable to SQL injection via the 'seenid' parameter in /admin/message.php, allowing remote attackers to execute arbitrary SQL commands; exploit code is publicly available.

SourceCodester SUP Online Shopping 1.0 is vulnerable to SQL injection via the msgid parameter in /admin/replymsg.php, allowing remote attackers to execute arbitrary SQL commands.

A SQL injection vulnerability exists in SourceCodester Comment System 1.0, specifically affecting the post_comment.php file; by manipulating the 'Name' argument, remote attackers can inject SQL code, potentially leading to unauthorized access or data modification.

A remote SQL injection vulnerability exists in SourceCodester Pharmacy Sales and Inventory System 1.0 via manipulation of the ID argument in the /ajax.php?action=save_user file, potentially allowing attackers to execute arbitrary SQL queries.

CVE-2026-7550 is an SQL injection vulnerability in SourceCodester Pharmacy Sales and Inventory System 1.0, allowing remote attackers to execute arbitrary SQL commands by manipulating the ID argument in the /ajax.php?action=save_customer endpoint.

A SQL injection vulnerability (CVE-2026-7545) exists in SourceCodester Advanced School Management System 1.0 within the checkEmail endpoint of commonController.php, allowing remote attackers to potentially execute arbitrary SQL commands.

A remote SQL injection vulnerability exists in SourceCodester Pharmacy Sales and Inventory System 1.0 via manipulation of the ID parameter in the /ajax.php?action=delete_category endpoint, potentially leading to unauthorized data access or modification.

A SQL injection vulnerability (CVE-2026-7199) exists in SourceCodester Pharmacy Sales and Inventory System 1.0, allowing remote attackers to execute arbitrary SQL commands by manipulating the 'ID' parameter in the `/ajax.php?action=delete_product` endpoint, potentially leading to data breach or system compromise.

SourceCodester Pharmacy Sales and Inventory System 1.0 is vulnerable to SQL injection by manipulating the ID argument in the /ajax.php?action=save_receiving file, allowing remote attackers to execute arbitrary SQL commands.

A SQL injection vulnerability exists in SourceCodester Hotel Management System 1.0 in the /index.php/reservation/check component due to improper sanitization of the room_type parameter, allowing a remote attacker to execute arbitrary SQL commands.