Filtered by vendor Oretnom23
Subscribe
Total
760 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31347 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2026-02-18 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_vehicle. | |||||
| CVE-2022-31352 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2026-02-18 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 by oretnom23 has SQL injection in /ocwbs/admin/services/manage_service.php?id=. | |||||
| CVE-2022-31346 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2026-02-18 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_service. | |||||
| CVE-2022-31353 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2026-02-18 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/services/view_service.php?id=. | |||||
| CVE-2022-31344 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2026-02-18 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/classes/Master.php?f=delete_booking. | |||||
| CVE-2022-31351 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2026-02-18 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 by oretnom23 has SQL injection via /ocwbs/admin/services/manage_price.php?id=. | |||||
| CVE-2022-31348 | 1 Oretnom23 | 1 Online Car Wash Booking System | 2026-02-18 | 7.5 HIGH | 9.8 CRITICAL |
| Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/bookings/update_status.php?id=. | |||||
| CVE-2023-43944 | 1 Oretnom23 | 1 Task Management System | 2026-01-27 | N/A | 5.4 MEDIUM |
| A Stored Cross Site Scripting (XSS) vulnerability was found in SourceCodester Task Management System 1.0. It allows attackers to execute arbitrary code via parameter field in index.php?page=project_list. | |||||
| CVE-2024-7930 | 1 Oretnom23 | 1 Clinic\'s Patient Management System | 2026-01-23 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability has been found in SourceCodester Clinics Patient Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /pms/ajax/get_packings.php. The manipulation of the argument medicine_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2023-7123 | 1 Oretnom23 | 1 Medicine Tracker System | 2026-01-23 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability, which was classified as critical, has been found in SourceCodester Medicine Tracking System 1.0. This issue affects some unknown processing of the file /classes/Master.php? f=save_medicine. The manipulation of the argument id/name/description leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249095. | |||||
| CVE-2024-7841 | 1 Oretnom23 | 1 Clinic\'s Patient Management System | 2026-01-23 | 6.5 MEDIUM | 6.3 MEDIUM |
| A vulnerability classified as critical was found in SourceCodester Clinics Patient Management System 1.0. This vulnerability affects unknown code of the file /pms/ajax/check_user_name.php. The manipulation of the argument user_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2021-41659 | 1 Oretnom23 | 1 Banking System | 2025-12-16 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability in Sourcecodester Banking System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username or password field. | |||||
| CVE-2022-26644 | 1 Oretnom23 | 1 Banking System | 2025-12-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Online Banking System Protect v1.0 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via parameters on user profile, system_info and accounts management. | |||||
| CVE-2022-26645 | 1 Oretnom23 | 1 Banking System | 2025-12-16 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution (RCE) vulnerability in Online Banking System Protect v1.0 allows attackers to execute arbitrary code via a crafted PHP file uploaded through the Upload Image function. | |||||
| CVE-2022-26646 | 1 Oretnom23 | 1 Banking System | 2025-12-16 | 7.5 HIGH | 9.8 CRITICAL |
| Online Banking System Protect v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the pages parameter. | |||||
| CVE-2025-65881 | 1 Oretnom23 | 1 Zoo Management System | 2025-12-05 | N/A | 6.1 MEDIUM |
| Sourcecodester Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /classes/Login.php. | |||||
| CVE-2025-63891 | 1 Oretnom23 | 1 Simple Online Book Store System | 2025-11-19 | N/A | 7.5 HIGH |
| Information Disclosure in web-accessible backup file in SourceCodester Simple Online Book Store System allows a remote unauthenticated attacker to disclose full database contents (including schema and credential hashes) via an unauthenticated HTTP GET request to /obs/database/obs_db.sql. | |||||
| CVE-2023-38965 | 1 Oretnom23 | 1 Lost And Found Information System | 2025-11-11 | N/A | 9.8 CRITICAL |
| Lost and Found Information System 1.0 allows account takeover via username and password to a /classes/Users.php?f=save URI. | |||||
| CVE-2025-2868 | 1 Oretnom23 | 1 Clinic Queuing System | 2025-10-15 | N/A | 6.1 MEDIUM |
| Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the page parameter in /index.php. | |||||
| CVE-2025-2869 | 1 Oretnom23 | 1 Clinic Queuing System | 2025-10-15 | N/A | 6.1 MEDIUM |
| Reflected Cross-Site Scripting (XSS) vulnerability in version 1.0 of the Clinic Queuing System. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the id parameter in /manage_user.php. | |||||