彙總 sourcecodester 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
已披露問題常與 跨站腳本、SQL 注入與CSRF 相關,可能在 生產負載與軟體部署 場景中帶來 工作階段劫持與資料外洩 等暴露風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2025-6160 | A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /user_customer_create_order.php. The manipulation of the argument user_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | [email protected] | 5.5 | 0.50% | 2025-06-17 | 2026-06-17 |
| CVE-2024-34231 | A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Short Name parameter. | [email protected] | 7.1 | 0.49% | 2024-05-14 | 2026-06-17 |
| CVE-2024-34230 | A cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the System Information parameter. | [email protected] | 6.1 | 0.47% | 2024-05-14 | 2026-06-17 |
| CVE-2024-33305 | SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "Middle Name" parameter in Create User. | [email protected] | 6.1 | 0.43% | 2024-05-02 | 2026-06-17 |
| CVE-2024-33307 | SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "Last Name" parameter in Create User. | [email protected] | 5.4 | 0.40% | 2024-05-01 | 2026-06-17 |
| CVE-2024-33306 | SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "First Name" parameter in Create User. | [email protected] | 7.4 | 0.66% | 2024-05-01 | 2026-06-17 |
| CVE-2021-41728 | Cross Site Scripting (XSS) vulnerability exists in Sourcecodester News247 CMS 1.0 via the search function in articles. | [email protected] | 6.1 | 0.62% | 2021-10-28 | 2026-06-17 |
| CVE-2019-18417 | Sourcecodester Restaurant Management System 1.0 allows an authenticated attacker to upload arbitrary files that can result in code execution. The issue occurs because the application fails to adequately sanitize user-supplied input, e.g., "add a new food" allows .php files. | [email protected] | 8.8 | 1.73% | 2019-10-24 | 2026-06-16 |
| CVE-2019-18414 | Sourcecodester Restaurant Management System 1.0 is affected by an admin/staff-exec.php Cross Site Request Forgery vulnerability due to a lack of CSRF protection. This could lead to an attacker tricking the administrator into executing arbitrary code or adding a staff entry via a crafted HTML page. | [email protected] | 8.8 | 0.48% | 2019-10-24 | 2026-06-16 |