汇总 sourcecodester 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
已披露问题常与 跨站脚本、SQL 注入与CSRF 相关,可能在 生产负载与软件部署 场景中带来 会话劫持与数据泄露 等暴露风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2025-6160 | A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /user_customer_create_order.php. The manipulation of the argument user_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 5.5 | 0.50% | 2025-06-17 | 2026-06-17 |
| CVE-2024-34231 | A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Short Name parameter. | [email protected] | 7.1 | 0.49% | 2024-05-14 | 2026-06-17 |
| CVE-2024-34230 | A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Information parameter. | [email protected] | 6.1 | 0.47% | 2024-05-14 | 2026-06-17 |
| CVE-2024-33305 | SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "Middle Name" parameter in Create User. | [email protected] | 6.1 | 0.43% | 2024-05-02 | 2026-06-17 |
| CVE-2024-33307 | SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "Last Name" parameter in Create User. | [email protected] | 5.4 | 0.40% | 2024-05-01 | 2026-06-17 |
| CVE-2024-33306 | SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "First Name" parameter in Create User. | [email protected] | 7.4 | 0.66% | 2024-05-01 | 2026-06-17 |
| CVE-2021-41728 | Cross Site Scripting (XSS) vulnerability exists in Sourcecodester News247 CMS 1.0 via the search function in articles. | [email protected] | 6.1 | 0.62% | 2021-10-28 | 2026-06-17 |
| CVE-2019-18417 | Sourcecodester Restaurant Management System 1.0 allows an authenticated attacker to upload arbitrary files that can result in code execution. The issue occurs because the application fails to adequately sanitize user-supplied input, e.g., "add a new food" allows .php files. | [email protected] | 8.8 | 1.73% | 2019-10-24 | 2026-06-16 |
| CVE-2019-18414 | Sourcecodester Restaurant Management System 1.0 is affected by an admin/staff-exec.php Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code or adding a staff entry via a crafted HTML page. | [email protected] | 8.8 | 0.48% | 2019-10-24 | 2026-06-16 |