彙總 Oretnom23 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
常見弱點模式包括 輸入驗證問題、CSRF、路徑處理缺陷與開放重定向,在 軟體部署與生產負載 使用場景中可能帶來 異常行為、檔案覆寫與未授權存取 等風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2026-36947 | Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL Injection in the file /rsms/admin/services/view_service.php. | [email protected] | 2.7 | 0.02% | 2026-04-13 | 2026-04-14 |
| CVE-2026-36946 | Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/inquiries/view_details.php. | [email protected] | 2.7 | 0.02% | 2026-04-13 | 2026-05-10 |
| CVE-2026-36923 | Sourcecodester Cab Management System 1.0 is vulnerable to SQL Injection in the file /cms/admin/bookings/view_booking.php. | [email protected] | 2.7 | 0.02% | 2026-04-13 | 2026-04-14 |
| CVE-2026-36922 | Sourcecodester Cab Management System v1.0 is vulnerable to SQL injection in the file /cms/admin/categories/view_category.php. | [email protected] | 2.7 | 0.02% | 2026-04-13 | 2026-04-14 |
| CVE-2026-30523 | A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to the lack of proper input validation. The application allows administrators to define "Loan Plans" which determine the duration of a loan (in months). However, the backend fails to validate that the duration must be a positive integer. An attacker can submit a negative value for the months parameter. The system accepts this invalid data and creates a loan plan with a negative duration. | [email protected] | 6.5 | 0.05% | 2026-04-01 | 2026-04-07 |
| CVE-2026-30522 | A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific penalty rates for overdue payments. While the frontend interface prevents users from entering negative numbers in the "Monthly Overdue Penalty" field, this constraint is not enforced on the backend. An authenticated attacker can bypass the client-side restriction by manipulating the HTTP POST request | [email protected] | 6.5 | 0.06% | 2026-04-01 | 2026-04-01 |
| CVE-2026-30521 | A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to improper server-side validation. The application allows administrators to create "Loan Plans" with specific interest rates. While the frontend interface prevents users from entering negative numbers, this constraint is not enforced on the backend. An authenticated attacker can bypass the client-side restriction by manipulating the HTTP POST request to submit a negative value for the interest_percentage. Th | [email protected] | 6.5 | 0.02% | 2026-03-31 | 2026-04-02 |
| CVE-2026-30520 | A Blind SQL Injection vulnerability exists in SourceCodester Loan Management System v1.0. The vulnerability is located in the ajax.php file (specifically the save_loan action). The application fails to properly sanitize user input supplied to the "borrower_id" parameter in a POST request, allowing an authenticated attacker to inject malicious SQL commands. | [email protected] | 5.4 | 0.03% | 2026-03-31 | 2026-04-06 |
| CVE-2026-30534 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in admin/manage_category.php via the "id" parameter. | [email protected] | 8.3 | 0.03% | 2026-03-27 | 2026-03-30 |
| CVE-2026-30533 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/manage_product.php file via the "id" parameter. | [email protected] | 9.8 | 0.03% | 2026-03-27 | 2026-03-30 |
| CVE-2026-30532 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/view_product.php file via the "id" parameter. | [email protected] | 9.8 | 0.03% | 2026-03-27 | 2026-03-30 |
| CVE-2026-30531 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_category action). The application fails to properly sanitize user input supplied to the "name" parameter. This allows an authenticated attacker to inject malicious SQL commands. | [email protected] | 8.8 | 0.03% | 2026-03-27 | 2026-03-30 |
| CVE-2026-30530 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_customer action). The application fails to properly sanitize user input supplied to the "username" parameter. This allows an attacker to inject malicious SQL commands. | [email protected] | 9.8 | 0.01% | 2026-03-27 | 2026-03-30 |
| CVE-2026-30529 | A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_user action). The application fails to properly sanitize user input supplied to the "username" parameter. This allows an authenticated attacker to inject malicious SQL commands. | [email protected] | 8.8 | 0.01% | 2026-03-27 | 2026-03-30 |
| CVE-2026-30527 | A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Category management module within the admin panel. The application fails to properly sanitize user input supplied to the "Category Name" field when creating or updating a category. When an administrator or user visits the Category list page (or any page where this category is rendered), the injected JavaScript executes immediately in their browser. | [email protected] | 5.4 | 0.02% | 2026-03-27 | 2026-04-06 |
| CVE-2026-3819 | A vulnerability has been found in SourceCodester Resort Reservation System 1.0. The affected element is an unknown function of the file /?page=manage_reservation of the component Reservation Management Module. Such manipulation of the argument ID leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 2.0 | 0.03% | 2026-03-09 | 2026-04-29 |
| CVE-2026-3806 | A weakness has been identified in SourceCodester/janobe Resort Reservation System 1.0. This issue affects some unknown processing of the file /room_rates.php. This manipulation of the argument q causes sql injection. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. | [email protected] | 2.1 | 0.03% | 2026-03-09 | 2026-04-29 |
| CVE-2026-3800 | A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. Affected is the function doInsert of the file /controller.php?action=add. Such manipulation of the argument image leads to unrestricted upload. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 2.1 | 0.04% | 2026-03-09 | 2026-04-29 |
| CVE-2026-3771 | A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. This vulnerability affects unknown code of the file /accomodation.php. Such manipulation of the argument q leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. | [email protected] | 2.1 | 0.03% | 2026-03-08 | 2026-04-29 |
| CVE-2026-3770 | A flaw has been found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. The attack is possible to be carried out remotely. The exploit has been published and may be used. | [email protected] | 2.1 | 0.06% | 2026-03-08 | 2026-04-29 |