彙總 Itsourcecode 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
已披露問題常與 SQL 注入與跨站腳本 相關,可能在 軟體部署與生產負載 場景中帶來 資料外洩與工作階段劫持 等暴露風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2025-7182 | A vulnerability has been found in itsourcecode Student Transcript Processing System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/modules/subject/edit.php. The manipulation of the argument pre leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 2.1 | 0.28% | 2025-07-08 | 2026-06-17 |
| CVE-2024-7495 | A vulnerability, which was classified as critical, was found in itsourcecode Laravel Accounting System 1.0. This affects an unknown part of the file app/Http/Controllers/HomeController.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-273621 was assigned to this vulnerability. | [email protected] | 5.3 | 0.60% | 2024-08-05 | 2026-06-17 |
| CVE-2024-37873 | SQL injection vulnerability in view_payslip.php in Itsourcecode Payroll Management System Project In PHP With Source Code 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | [email protected] | 9.8 | 0.67% | 2024-07-09 | 2026-06-17 |
| CVE-2024-37870 | SQL injection vulnerability in processscore.php in Learning Management System Project In PHP With Source Code 1.0 allows attackers to execute arbitrary SQL commands via the id parameter. | [email protected] | 9.8 | 0.49% | 2024-07-09 | 2026-06-17 |
| CVE-2024-6196 | A vulnerability was found in itsourcecode Banking Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin_class.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269168. | [email protected] | 6.9 | 0.56% | 2024-06-20 | 2026-06-17 |
| CVE-2024-6195 | A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file orderadd.php. The manipulation of the argument customer leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269167. | [email protected] | 5.3 | 0.45% | 2024-06-20 | 2026-06-17 |
| CVE-2024-6194 | A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System 1.0. Affected is an unknown function of the file editmeasurement.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-269166 is the identifier assigned to this vulnerability. | [email protected] | 5.3 | 0.45% | 2024-06-20 | 2026-06-17 |
| CVE-2024-6193 | A vulnerability, which was classified as critical, has been found in itsourcecode Vehicle Management System 1.0. This issue affects some unknown processing of the file driverprofile.php. The manipulation of the argument driverid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-269165 was assigned to this vulnerability. | [email protected] | 6.9 | 0.53% | 2024-06-20 | 2026-06-17 |
| CVE-2024-37840 | SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the LessonID parameter. | [email protected] | 8.8 | 0.50% | 2024-06-17 | 2026-06-17 |
| CVE-2024-6016 | A vulnerability, which was classified as critical, has been found in itsourcecode Online Laundry Management System 1.0. Affected by this issue is some unknown functionality of the file admin_class.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268724. | [email protected] | 5.3 | 0.52% | 2024-06-15 | 2026-06-17 |
| CVE-2024-6015 | A vulnerability classified as critical was found in itsourcecode Online House Rental System 1.0. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument month_of leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268723. | [email protected] | 5.3 | 0.50% | 2024-06-15 | 2026-06-17 |
| CVE-2024-6014 | A vulnerability classified as critical has been found in itsourcecode Document Management System 1.0. Affected is an unknown function of the file edithis.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268722 is the identifier assigned to this vulnerability. | [email protected] | 5.3 | 0.50% | 2024-06-15 | 2026-06-17 |
| CVE-2024-6013 | A vulnerability was found in itsourcecode Online Book Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin_delete.php. The manipulation of the argument bookisbn leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268721 was assigned to this vulnerability. | [email protected] | 5.3 | 0.50% | 2024-06-15 | 2026-06-17 |
| CVE-2024-6009 | A vulnerability has been found in itsourcecode Event Calendar 1.0 and classified as critical. Affected by this vulnerability is the function regConfirm/regDelete of the file process.php. The manipulation of the argument userId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268699. | [email protected] | 5.3 | 0.50% | 2024-06-15 | 2026-06-17 |
| CVE-2024-37831 | Itsourcecode Payroll Management System 1.0 is vulnerable to SQL Injection in payroll_items.php via the ID parameter. | [email protected] | 9.8 | 0.41% | 2024-06-14 | 2026-06-17 |
| CVE-2024-5984 | A vulnerability was found in itsourcecode Online Bookstore 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file book.php. The manipulation of the argument bookisbn leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268460. | [email protected] | 6.9 | 0.79% | 2024-06-13 | 2026-06-17 |
| CVE-2024-5983 | A vulnerability was found in itsourcecode Online Bookstore 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file bookPerPub.php. The manipulation of the argument pubid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268459. | [email protected] | 6.9 | 0.64% | 2024-06-13 | 2026-06-17 |
| CVE-2024-37849 | A SQL Injection vulnerability in itsourcecode Billing System 1.0 allows a local attacker to execute arbitrary code in process.php via the username parameter. | [email protected] | 9.8 | 0.73% | 2024-06-13 | 2026-06-17 |
| CVE-2024-5588 | A vulnerability was found in itsourcecode Learning Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file processscore.php. The manipulation of the argument LessonID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266839. | [email protected] | 5.3 | 0.61% | 2024-06-02 | 2026-06-17 |
| CVE-2024-5519 | A vulnerability classified as critical was found in ItsourceCode Learning Management System Project In PHP 1.0. This vulnerability affects unknown code of the file login.php. The manipulation of the argument user_email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-266590 is the identifier assigned to this vulnerability. | [email protected] | 6.9 | 0.85% | 2024-05-30 | 2026-06-17 |