Filtered by vendor Carmelo
Subscribe
Total
127 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-26694 | 1 Carmelo | 1 Simple Student Alumni System | 2026-03-03 | N/A | 9.8 CRITICAL |
| code-projects Simple Student Alumni System v1.0 is vulnerale to SQL Injection in /TracerStudy/modal_view.php. | |||||
| CVE-2026-26698 | 1 Carmelo | 1 Simple Student Alumni System | 2026-03-03 | N/A | 4.9 MEDIUM |
| code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/modal_edit.php. | |||||
| CVE-2026-26697 | 1 Carmelo | 1 Simple Student Alumni System | 2026-03-03 | N/A | 4.9 MEDIUM |
| code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_view.php?teacherID=. | |||||
| CVE-2026-26696 | 1 Carmelo | 1 Simple Student Alumni System | 2026-03-03 | N/A | 9.8 CRITICAL |
| code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_edit.php. | |||||
| CVE-2026-26713 | 1 Carmelo | 1 Simple Food Order System | 2026-03-03 | N/A | 9.8 CRITICAL |
| code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/cancel-order.php. | |||||
| CVE-2026-26712 | 1 Carmelo | 1 Simple Food Order System | 2026-03-03 | N/A | 9.8 CRITICAL |
| code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket-admin.php. | |||||
| CVE-2026-26711 | 1 Carmelo | 1 Simple Food Order System | 2026-03-03 | N/A | 9.8 CRITICAL |
| code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/view-ticket.php. | |||||
| CVE-2026-26710 | 1 Carmelo | 1 Simple Food Order System | 2026-03-03 | N/A | 9.8 CRITICAL |
| code-projects Simple Food Order System v1.0 is vulnerable to SQL Injection in /food/routers/edit-orders.php. | |||||
| CVE-2026-2158 | 1 Carmelo | 1 Student Web Portal | 2026-02-11 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was detected in code-projects Student Web Portal 1.0. This impacts an unknown function of the file /check_user.php. Performing a manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. | |||||
| CVE-2025-69559 | 1 Carmelo | 1 Computer Book Store | 2026-02-03 | N/A | 9.8 CRITICAL |
| code-projects Computer Book Store 1.0 is vulnerable to File Upload in admin_add.php. | |||||
| CVE-2025-5651 | 1 Carmelo | 1 Traffic Offense Reporting System | 2025-11-13 | 4.0 MEDIUM | 3.5 LOW |
| A vulnerability, which was classified as problematic, has been found in code-projects Traffic Offense Reporting System 1.0. This issue affects some unknown processing of the file saveuser.php. The manipulation of the argument user_id/username/email/name/position leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-5661 | 1 Carmelo | 1 Traffic Offense Reporting System | 2025-11-13 | 3.3 LOW | 2.4 LOW |
| A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part of the file /save-settings.php of the component Setting Handler. The manipulation of the argument site_name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-60307 | 1 Carmelo | 1 Computer Laboratory System | 2025-10-21 | N/A | 9.8 CRITICAL |
| code-projects Computer Laboratory System 1.0 has a SQL injection vulnerability, where entering a universal password in the Password field on the login page can bypass login attempts. | |||||
| CVE-2025-56295 | 1 Carmelo | 1 Computer Laboratory System | 2025-09-18 | N/A | 7.3 HIGH |
| code-projects Computer Laboratory System 1.0 has a file upload vulnerability. Staff can upload malicious files by uploading PHP backdoor files when modifying personal avatar information and use web shell connection tools to obtain server permissions. | |||||
| CVE-2025-56280 | 1 Carmelo | 1 Food Ordering Review System | 2025-09-18 | N/A | 5.4 MEDIUM |
| code-projects Food Ordering Review System 1.0 is vulnerable to Cross Site Scripting (XSS) in the area where users submit reservation information. | |||||
| CVE-2025-56276 | 1 Carmelo | 1 Food Ordering Review System | 2025-09-18 | N/A | 5.4 MEDIUM |
| code-projects Food Ordering Review System 1.0 is vulnerable to Cross Site Scripting (XSS) in the registration function. An attacker enters malicious JavaScript code as a username, which triggers the XSS vulnerability when the admin views user information, resulting in the disclosure of the admin's cookie information. | |||||
| CVE-2025-6363 | 1 Carmelo | 1 Simple Pizza Ordering System | 2025-07-02 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, was found in code-projects Simple Pizza Ordering System 1.0. Affected is an unknown function of the file /adding-exec.php. The manipulation of the argument ingname leads to sql injection. It is possible to launch the attack remotely. | |||||
| CVE-2025-6361 | 1 Carmelo | 1 Simple Pizza Ordering System | 2025-06-26 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability classified as critical was found in code-projects Simple Pizza Ordering System 1.0. This vulnerability affects unknown code of the file /adds.php. The manipulation of the argument userid leads to sql injection. The attack can be initiated remotely. | |||||
| CVE-2025-6362 | 1 Carmelo | 1 Simple Pizza Ordering System | 2025-06-26 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability, which was classified as critical, has been found in code-projects Simple Pizza Ordering System 1.0. This issue affects some unknown processing of the file /editpro.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. | |||||
| CVE-2025-6364 | 1 Carmelo | 1 Simple Pizza Ordering System | 2025-06-26 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in code-projects Simple Pizza Ordering System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /adduser-exec.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. | |||||