Aggregates CVE and security vulnerability intelligence across all sourcecodester-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Disclosed issues often relate to vendor risk cross-site scripting, vendor risk sql injection, and vendor risk csrf; exposure may include vendor impact session compromise in vendor surface production workloads contexts.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-6160 | A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /user_customer_create_order.php. The manipulation of the argument user_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 5.5 | 0.50% | 2025-06-17 | 2026-06-17 |
| CVE-2024-34231 | A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Short Name parameter. | [email protected] | 7.1 | 0.49% | 2024-05-14 | 2026-06-17 |
| CVE-2024-34230 | A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Information parameter. | [email protected] | 6.1 | 0.47% | 2024-05-14 | 2026-06-17 |
| CVE-2024-33305 | SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "Middle Name" parameter in Create User. | [email protected] | 6.1 | 0.43% | 2024-05-02 | 2026-06-17 |
| CVE-2024-33307 | SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "Last Name" parameter in Create User. | [email protected] | 5.4 | 0.40% | 2024-05-01 | 2026-06-17 |
| CVE-2024-33306 | SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "First Name" parameter in Create User. | [email protected] | 7.4 | 0.66% | 2024-05-01 | 2026-06-17 |
| CVE-2021-41728 | Cross Site Scripting (XSS) vulnerability exists in Sourcecodester News247 CMS 1.0 via the search function in articles. | [email protected] | 6.1 | 0.62% | 2021-10-28 | 2026-06-17 |
| CVE-2019-18417 | Sourcecodester Restaurant Management System 1.0 allows an authenticated attacker to upload arbitrary files that can result in code execution. The issue occurs because the application fails to adequately sanitize user-supplied input, e.g., "add a new food" allows .php files. | [email protected] | 8.8 | 1.73% | 2019-10-24 | 2026-06-16 |
| CVE-2019-18414 | Sourcecodester Restaurant Management System 1.0 is affected by an admin/staff-exec.php Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code or adding a staff entry via a crafted HTML page. | [email protected] | 8.8 | 0.48% | 2019-10-24 | 2026-06-16 |