Oretnom23 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk input validation、vendor risk csrf、パス処理の欠陥, and vendor risk open redirect があり、vendor surface software deployment の利用場面で vendor impact unexpected behavior、ファイル上書き, and vendor impact unauthorized access などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2026-36947 | Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL Injection in the file /rsms/admin/services/view_service.php. | [email protected] | 2.7 | 0.22% | 2026-04-13 | 2026-04-14 |
| CVE-2026-36946 | Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/inquiries/view_details.php. | [email protected] | 2.7 | 0.28% | 2026-04-13 | 2026-05-10 |
| CVE-2026-36923 | Sourcecodester Cab Management System 1.0 is vulnerable to SQL Injection in the file /cms/admin/bookings/view_booking.php. | [email protected] | 2.7 | 0.22% | 2026-04-13 | 2026-04-14 |
| CVE-2026-36922 | Sourcecodester Cab Management System v1.0 is vulnerable to SQL injection in the file /cms/admin/categories/view_category.php. | [email protected] | 2.7 | 0.22% | 2026-04-13 | 2026-04-14 |
| CVE-2026-30523 | A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to the lack of proper input validation. The application allows administrators to define "Loan Plans" which determine the duration of a loan (in months). However, the backend fails to validate that the duration must be a positive integer. An attacker can submit a negative value for the months parameter. The system accepts this invalid data and creates a loan plan with a negative duration. | [email protected] | 6.5 | 0.30% | 2026-04-01 | 2026-04-07 |
| CVE-2026-30522 | A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific penalty rates for overdue payments. While the frontend interface prevents users from entering negative numbers in the "Monthly Overdue Penalty" field, this constraint is not enforced on the backend. An authenticated attacker can bypass the client-side restriction by manipulating the HTTP POST request | [email protected] | 6.5 | 0.26% | 2026-04-01 | 2026-04-01 |
| CVE-2026-30521 | A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific interest rates. While the frontend interface prevents users from entering negative numbers, this constraint is not enforced on the backend. An authenticated attacker can bypass the client-side restriction by manipulating the HTTP POST request to submit a negative value for the interest_percentage. Th | [email protected] | 6.5 | 0.31% | 2026-03-31 | 2026-04-02 |
| CVE-2026-30520 | A Blind SQL Injection vulnerability exists in SourceCodester Loan Management System v1.0. The vulnerability is located in the ajax.php file (specifically the save_loan action). The application fails to properly sanitize user input supplied to the "borrower_id" parameter in a POST request, allowing an authenticated attacker to inject malicious SQL commands. | [email protected] | 5.4 | 0.22% | 2026-03-31 | 2026-04-06 |
| CVE-2026-30534 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in admin/manage_category.php via the "id" parameter. | [email protected] | 8.3 | 0.33% | 2026-03-27 | 2026-03-30 |
| CVE-2026-30533 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/manage_product.php file via the "id" parameter. | [email protected] | 9.8 | 0.39% | 2026-03-27 | 2026-03-30 |
| CVE-2026-30532 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/view_product.php file via the "id" parameter. | [email protected] | 9.8 | 0.33% | 2026-03-27 | 2026-03-30 |
| CVE-2026-30531 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_category action). The application fails to properly sanitize user input supplied to the "name" parameter. This allows an authenticated attacker to inject malicious SQL commands. | [email protected] | 8.8 | 0.45% | 2026-03-27 | 2026-03-30 |
| CVE-2026-30530 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_customer action). The application fails to properly sanitize user input supplied to the "username" parameter. This allows an attacker to inject malicious SQL commands. | [email protected] | 9.8 | 0.48% | 2026-03-27 | 2026-03-30 |
| CVE-2026-30529 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_user action). The application fails to properly sanitize user input supplied to the "username" parameter. This allows an authenticated attacker to inject malicious SQL commands. | [email protected] | 8.8 | 0.45% | 2026-03-27 | 2026-03-30 |
| CVE-2026-30527 | A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Category management module within the admin panel. The application fails to properly sanitize user input supplied to the "Category Name" field when creating or updating a category. When an administrator or user visits the Category list page (or any page where this category is rendered), the injected JavaScript executes immediately in their browser. | [email protected] | 5.4 | 0.23% | 2026-03-27 | 2026-04-06 |
| CVE-2026-3819 | A vulnerability has been found in SourceCodester Resort Reservation System 1.0. The affected element is an unknown function of the file /?page=manage_reservation of the component Reservation Management Module. Such manipulation of the argument ID leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 2.0 | 0.26% | 2026-03-09 | 2026-04-29 |
| CVE-2026-3806 | A weakness has been identified in SourceCodester/janobe Resort Reservation System 1.0. This issue affects some unknown processing of the file /room_rates.php. This manipulation of the argument q causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. | [email protected] | 2.1 | 0.29% | 2026-03-09 | 2026-04-29 |
| CVE-2026-3800 | A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. Affected is the function doInsert of the file /controller.php?action=add. Such manipulation of the argument image leads to unrestricted upload. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 2.1 | 0.30% | 2026-03-09 | 2026-04-29 |
| CVE-2026-3771 | A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. This vulnerability affects unknown code of the file /accomodation.php. Such manipulation of the argument q leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. | [email protected] | 2.1 | 0.29% | 2026-03-08 | 2026-04-29 |
| CVE-2026-3770 | A flaw has been found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. The attack is possible to be carried out remotely. The exploit has been published and may be used. | [email protected] | 2.1 | 0.21% | 2026-03-08 | 2026-04-29 |