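A summary of CVE and security vulnerability intelligence for all products associated with Oretnom23, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Common weakness patterns include input validation issues, CSRF, path handling flaws, and open redirects, which in software deployment and production workload scenarios can lead to risks such as abnormal behavior, file overwrites, and unauthorized access.
The vulnerability data comes mainly from public vulnerability disclosures and security advisories, and can be used to assess historical vulnerability exposure and remediation priority.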
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-36947 | Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL Injection in the file /rsms/admin/services/view_service.php. | [email protected] | 2.7 | 0.02% | 2026-04-13 | 2026-04-14 |
| CVE-2026-36946 | Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/inquiries/view_details.php. | [email protected] | 2.7 | 0.02% | 2026-04-13 | 2026-05-10 |
| CVE-2026-36923 | Sourcecodester Cab Management System 1.0 is vulnerable to SQL Injection in the file /cms/admin/bookings/view_booking.php. | [email protected] | 2.7 | 0.02% | 2026-04-13 | 2026-04-14 |
| CVE-2026-36922 | Sourcecodester Cab Management System v1.0 is vulnerable to SQL injection in the file /cms/admin/categories/view_category.php. | [email protected] | 2.7 | 0.02% | 2026-04-13 | 2026-04-14 |
| CVE-2026-30523 | A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to the lack of proper input validation. The application allows administrators to define "Loan Plans" which determine the duration of a loan (in months). However, the backend fails to validate that the duration must be a positive integer. An attacker can submit a negative value for the months parameter. The system accepts this invalid data and creates a loan plan with a negative duration. | [email protected] | 6.5 | 0.05% | 2026-04-01 | 2026-04-07 |
| CVE-2026-30522 | A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific penalty rates for overdue payments. While the frontend interface prevents users from entering negative numbers in the "Monthly Overdue Penalty" field, this constraint is not enforced on the backend. An authenticated attacker can bypass the client-side restriction by manipulating the HTTP POST request | [email protected] | 6.5 | 0.04% | 2026-04-01 | 2026-04-01 |
| CVE-2026-30521 | A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific interest rates. While the frontend interface prevents users from entering negative numbers, this constraint is not enforced on the backend. An authenticated attacker can bypass the client-side restriction by manipulating the HTTP POST request to submit a negative value for the interest_percentage. Th | [email protected] | 6.5 | 0.02% | 2026-03-31 | 2026-04-02 |
| CVE-2026-30520 | A Blind SQL Injection vulnerability exists in SourceCodester Loan Management System v1.0. The vulnerability is located in the ajax.php file (specifically the save_loan action). The application fails to properly sanitize user input supplied to the "borrower_id" parameter in a POST request, allowing an authenticated attacker to inject malicious SQL commands. | [email protected] | 5.4 | 0.03% | 2026-03-31 | 2026-04-06 |
| CVE-2026-30534 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in admin/manage_category.php via the "id" parameter. | [email protected] | 8.3 | 0.03% | 2026-03-27 | 2026-03-30 |
| CVE-2026-30533 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/manage_product.php file via the "id" parameter. | [email protected] | 9.8 | 0.03% | 2026-03-27 | 2026-03-30 |
| CVE-2026-30532 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/view_product.php file via the "id" parameter. | [email protected] | 9.8 | 0.03% | 2026-03-27 | 2026-03-30 |
| CVE-2026-30531 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_category action). The application fails to properly sanitize user input supplied to the "name" parameter. This allows an authenticated attacker to inject malicious SQL commands. | [email protected] | 8.8 | 0.03% | 2026-03-27 | 2026-03-30 |
| CVE-2026-30530 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_customer action). The application fails to properly sanitize user input supplied to the "username" parameter. This allows an attacker to inject malicious SQL commands. | [email protected] | 9.8 | 0.01% | 2026-03-27 | 2026-03-30 |
| CVE-2026-30529 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_user action). The application fails to properly sanitize user input supplied to the "username" parameter. This allows an authenticated attacker to inject malicious SQL commands. | [email protected] | 8.8 | 0.01% | 2026-03-27 | 2026-03-30 |
| CVE-2026-30527 | A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Category management module within the admin panel. The application fails to properly sanitize user input supplied to the "Category Name" field when creating or updating a category. When an administrator or user visits the Category list page (or any page where this category is rendered), the injected JavaScript executes immediately in their browser. | [email protected] | 5.4 | 0.02% | 2026-03-27 | 2026-04-06 |
| CVE-2026-3819 | A vulnerability has been found in SourceCodester Resort Reservation System 1.0. The affected element is an unknown function of the file /?page=manage_reservation of the component Reservation Management Module. Such manipulation of the argument ID leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 2.0 | 0.03% | 2026-03-09 | 2026-04-29 |
| CVE-2026-3806 | A weakness has been identified in SourceCodester/janobe Resort Reservation System 1.0. This issue affects some unknown processing of the file /room_rates.php. This manipulation of the argument q causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. | [email protected] | 2.1 | 0.03% | 2026-03-09 | 2026-04-29 |
| CVE-2026-3800 | A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. Affected is the function doInsert of the file /controller.php?action=add. Such manipulation of the argument image leads to unrestricted upload. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 2.1 | 0.04% | 2026-03-09 | 2026-04-29 |
| CVE-2026-3771 | A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. This vulnerability affects unknown code of the file /accomodation.php. Such manipulation of the argument q leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. | [email protected] | 2.1 | 0.03% | 2026-03-08 | 2026-04-29 |
| CVE-2026-3770 | A flaw has been found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. The attack is possible to be carried out remotely. The exploit has been published and may be used. | [email protected] | 2.1 | 0.06% | 2026-03-08 | 2026-04-29 |