Search

Find a vulnerability

Search criteria

    3780 vulnerabilities by SourceCodester

    CVE-2026-15715 (GCVE-0-2026-15715)

    Vulnerability from nvd – Published: 2026-07-14 17:45 – Updated: 2026-07-14 19:51 X_Freeware
    VLAI
    Title
    SourceCodester Class and Exam Timetabling System exam.php cross site scripting
    Summary
    A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /exam.php. Such manipulation of the argument day leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/378291 vdb-entrytechnical-description
    https://vuldb.com/vuln/378291/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-15715 third-party-advisory
    https://vuldb.com/submit/856170 third-party-advisory
    https://vuldb.com/submit/856171 third-party-advisory
    https://github.com/AlbaDove/cve/issues/7 exploitissue-tracking
    https://www.sourcecodester.com/ product
    Impacted products
    Vendor Product Version
    SourceCodester Class and Exam Timetabling System Affected: 1.0
        cpe:2.3:a:sourcecodester:class_and_exam_timetabling_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    AlbaDove (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15715",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T19:41:46.666371Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T19:51:21.035Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:sourcecodester:class_and_exam_timetabling_system:*:*:*:*:*:*:*:*"
              ],
              "product": "Class and Exam Timetabling System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "AlbaDove (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /exam.php. Such manipulation of the argument day leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T17:45:08.923Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-378291 | SourceCodester Class and Exam Timetabling System exam.php cross site scripting",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/378291"
            },
            {
              "name": "VDB-378291 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/378291/cti"
            },
            {
              "name": "CVE-2026-15715 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15715"
            },
            {
              "name": "Submit #856170 | sourcecodester  Class and Exam Timetabling System V1.0 cross site scripting",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/856170"
            },
            {
              "name": "Submit #856171 | sourcecodester  Class and Exam Timetabling System V1.0 cross site scripting (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/856171"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/AlbaDove/cve/issues/7"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.sourcecodester.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-14T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-14T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-14T12:45:59.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Class and Exam Timetabling System exam.php cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15715",
        "datePublished": "2026-07-14T17:45:08.923Z",
        "dateReserved": "2026-07-14T10:40:56.375Z",
        "dateUpdated": "2026-07-14T19:51:21.035Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15703 (GCVE-0-2026-15703)

    Vulnerability from nvd – Published: 2026-07-14 17:00 – Updated: 2026-07-15 15:45 X_Freeware
    VLAI
    Title
    SourceCodester Simple and Nice Shopping Cart Script userproductdeletequery.php sql injection
    Summary
    A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This vulnerability affects unknown code of the file /admin/userproductdeletequery.php. Performing a manipulation of the argument user_id results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/378250 vdb-entrytechnical-description
    https://vuldb.com/vuln/378250/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-15703 third-party-advisory
    https://vuldb.com/submit/856152 third-party-advisory
    https://github.com/Wut-sys/cve/issues/1 exploitissue-tracking
    https://www.sourcecodester.com/ product
    Impacted products
    Vendor Product Version
    SourceCodester Simple and Nice Shopping Cart Script Affected: 1.0
        cpe:2.3:a:sourcecodester:simple_and_nice_shopping_cart_script:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    huajuan (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15703",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T15:45:13.311758Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T15:45:27.209Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:sourcecodester:simple_and_nice_shopping_cart_script:*:*:*:*:*:*:*:*"
              ],
              "product": "Simple and Nice Shopping Cart Script",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "huajuan (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This vulnerability affects unknown code of the file /admin/userproductdeletequery.php. Performing a manipulation of the argument user_id results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T17:00:08.729Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-378250 | SourceCodester Simple and Nice Shopping Cart Script userproductdeletequery.php sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/378250"
            },
            {
              "name": "VDB-378250 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/378250/cti"
            },
            {
              "name": "CVE-2026-15703 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15703"
            },
            {
              "name": "Submit #856152 | SourceCodester Simple and Nice Shopping Cart Script in PHP  1.0 SQL Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/856152"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/Wut-sys/cve/issues/1"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.sourcecodester.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-14T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-14T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-14T12:56:51.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Simple and Nice Shopping Cart Script userproductdeletequery.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15703",
        "datePublished": "2026-07-14T17:00:08.729Z",
        "dateReserved": "2026-07-14T05:39:51.433Z",
        "dateUpdated": "2026-07-15T15:45:27.209Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15597 (GCVE-0-2026-15597)

    Vulnerability from nvd – Published: 2026-07-13 21:45 – Updated: 2026-07-14 14:30 X_Freeware
    VLAI
    Title
    SourceCodester Class and Exam Timetabling System edit_exam2.php sql injection
    Summary
    A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0/2.php. This affects an unknown function of the file /edit_exam2.php. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/378112 vdb-entrytechnical-description
    https://vuldb.com/vuln/378112/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-15597 third-party-advisory
    https://vuldb.com/submit/855298 third-party-advisory
    https://github.com/asdasddqwdq29-a11y/new-cve/issues/1 exploitissue-tracking
    https://www.sourcecodester.com/ product
    Impacted products
    Vendor Product Version
    SourceCodester Class and Exam Timetabling System Affected: 1.0
    Affected: 2.php
        cpe:2.3:a:sourcecodester:class_and_exam_timetabling_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    bzdXBHu0xzWRJ (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15597",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T13:18:08.799716Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T14:30:40.312Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:sourcecodester:class_and_exam_timetabling_system:*:*:*:*:*:*:*:*"
              ],
              "product": "Class and Exam Timetabling System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                },
                {
                  "status": "affected",
                  "version": "2.php"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "bzdXBHu0xzWRJ (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0/2.php. This affects an unknown function of the file /edit_exam2.php. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T21:45:09.410Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-378112 | SourceCodester Class and Exam Timetabling System edit_exam2.php sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/378112"
            },
            {
              "name": "VDB-378112 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/378112/cti"
            },
            {
              "name": "CVE-2026-15597 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15597"
            },
            {
              "name": "Submit #855298 | sourcecodester  Class and Exam Timetabling System V1.0 SQL injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/855298"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/asdasddqwdq29-a11y/new-cve/issues/1"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.sourcecodester.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-13T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-13T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-13T16:09:23.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Class and Exam Timetabling System edit_exam2.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15597",
        "datePublished": "2026-07-13T21:45:09.410Z",
        "dateReserved": "2026-07-13T14:04:19.950Z",
        "dateUpdated": "2026-07-14T14:30:40.312Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15596 (GCVE-0-2026-15596)

    Vulnerability from nvd – Published: 2026-07-13 21:30 – Updated: 2026-07-15 14:23 X_Freeware
    VLAI
    Title
    SourceCodester Class and Exam Timetabling System subject.php cross site scripting
    Summary
    A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /subject.php. Such manipulation of the argument subject leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/378111 vdb-entrytechnical-description
    https://vuldb.com/vuln/378111/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-15596 third-party-advisory
    https://vuldb.com/submit/855269 third-party-advisory
    https://github.com/AlbaDove/cve/issues/5 exploitissue-tracking
    https://www.sourcecodester.com/ product
    Impacted products
    Vendor Product Version
    SourceCodester Class and Exam Timetabling System Affected: 1.0
        cpe:2.3:a:sourcecodester:class_and_exam_timetabling_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    AlbaDove (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15596",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T14:23:39.872894Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T14:23:52.386Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:sourcecodester:class_and_exam_timetabling_system:*:*:*:*:*:*:*:*"
              ],
              "product": "Class and Exam Timetabling System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "AlbaDove (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /subject.php. Such manipulation of the argument subject leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T21:30:08.683Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-378111 | SourceCodester Class and Exam Timetabling System subject.php cross site scripting",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/378111"
            },
            {
              "name": "VDB-378111 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/378111/cti"
            },
            {
              "name": "CVE-2026-15596 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15596"
            },
            {
              "name": "Submit #855269 | sourcecodester Class and Exam Timetabling System V1.0 cross site scripting",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/855269"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/AlbaDove/cve/issues/5"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.sourcecodester.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-13T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-13T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-13T16:07:46.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Class and Exam Timetabling System subject.php cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15596",
        "datePublished": "2026-07-13T21:30:08.683Z",
        "dateReserved": "2026-07-13T14:02:39.572Z",
        "dateUpdated": "2026-07-15T14:23:52.386Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15595 (GCVE-0-2026-15595)

    Vulnerability from nvd – Published: 2026-07-13 20:30 – Updated: 2026-07-14 13:03 X_Freeware
    VLAI
    Title
    SourceCodester Class and Exam Timetabling System forsubject.php cross site scripting
    Summary
    A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. The affected element is an unknown function of the file /forsubject.php. This manipulation of the argument subject causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/378110 vdb-entrytechnical-description
    https://vuldb.com/vuln/378110/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-15595 third-party-advisory
    https://vuldb.com/submit/855268 third-party-advisory
    https://github.com/AlbaDove/cve/issues/6 exploitissue-tracking
    https://www.sourcecodester.com/ product
    Impacted products
    Vendor Product Version
    SourceCodester Class and Exam Timetabling System Affected: 1.0
        cpe:2.3:a:sourcecodester:class_and_exam_timetabling_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    AlbaDove (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15595",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T13:00:41.805031Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T13:03:58.599Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:sourcecodester:class_and_exam_timetabling_system:*:*:*:*:*:*:*:*"
              ],
              "product": "Class and Exam Timetabling System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "AlbaDove (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. The affected element is an unknown function of the file /forsubject.php. This manipulation of the argument subject causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T20:30:08.129Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-378110 | SourceCodester Class and Exam Timetabling System forsubject.php cross site scripting",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/378110"
            },
            {
              "name": "VDB-378110 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/378110/cti"
            },
            {
              "name": "CVE-2026-15595 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15595"
            },
            {
              "name": "Submit #855268 | sourcecodester  Class and Exam Timetabling System V1.0 cross site scripting",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/855268"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/AlbaDove/cve/issues/6"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.sourcecodester.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-13T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-13T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-13T16:07:44.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Class and Exam Timetabling System forsubject.php cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15595",
        "datePublished": "2026-07-13T20:30:08.129Z",
        "dateReserved": "2026-07-13T14:02:36.735Z",
        "dateUpdated": "2026-07-14T13:03:58.599Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15540 (GCVE-0-2026-15540)

    Vulnerability from nvd – Published: 2026-07-13 06:30 – Updated: 2026-07-13 18:39 X_Freeware
    VLAI
    Title
    SourceCodester Online Book Store System Administrative index.php php file inclusion
    Summary
    A vulnerability was detected in SourceCodester Online Book Store System 1.0. The affected element is an unknown function of the file /admin/index.php of the component Administrative Interface. Performing a manipulation of the argument page results in improper control of filename for include/require statement in php program. It is possible to initiate the attack remotely. The exploit is now public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program
    • CWE-73 - File Inclusion
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/377890 vdb-entrytechnical-description
    https://vuldb.com/vuln/377890/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-15540 third-party-advisory
    https://vuldb.com/submit/855048 third-party-advisory
    https://medium.com/@hemantrajbhati5555/local-file… broken-linkexploit
    https://www.sourcecodester.com/ product
    Impacted products
    Vendor Product Version
    SourceCodester Online Book Store System Affected: 1.0
        cpe:2.3:a:sourcecodester:online_book_store_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Hemant Raj Bhati (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15540",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T18:39:23.588424Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T18:39:28.827Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:sourcecodester:online_book_store_system:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Administrative Interface"
              ],
              "product": "Online Book Store System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Hemant Raj Bhati (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in SourceCodester Online Book Store System 1.0. The affected element is an unknown function of the file /admin/index.php of the component Administrative Interface. Performing a manipulation of the argument page results in improper control of filename for include/require statement in php program. It is possible to initiate the attack remotely. The exploit is now public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-98",
                  "description": "Improper Control of Filename for Include/Require Statement in PHP Program",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "File Inclusion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T06:30:08.672Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-377890 | SourceCodester Online Book Store System Administrative index.php php file inclusion",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/377890"
            },
            {
              "name": "VDB-377890 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/377890/cti"
            },
            {
              "name": "CVE-2026-15540 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15540"
            },
            {
              "name": "Submit #855048 | SourceCodester Online Book Store System 1.0 Local File Inclusion",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/855048"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://medium.com/@hemantrajbhati5555/local-file-inclusion-lfi-via-page-parameter-leading-to-source-code-disclosure-ce722de0c407"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.sourcecodester.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-12T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-12T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-12T20:12:46.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Online Book Store System Administrative index.php php file inclusion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15540",
        "datePublished": "2026-07-13T06:30:08.672Z",
        "dateReserved": "2026-07-12T18:07:43.505Z",
        "dateUpdated": "2026-07-13T18:39:28.827Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15539 (GCVE-0-2026-15539)

    Vulnerability from nvd – Published: 2026-07-13 06:15 – Updated: 2026-07-13 14:48 X_Freeware
    VLAI
    Title
    SourceCodester Online Book Store System Book Image Upload Feature index.php books unrestricted upload
    Summary
    A security vulnerability has been detected in SourceCodester Online Book Store System 1.0. Impacted is an unknown function of the file /admin/index.php?page=books of the component Book Image Upload Feature. Such manipulation leads to unrestricted upload. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    SourceCodester Online Book Store System Affected: 1.0
        cpe:2.3:a:sourcecodester:online_book_store_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Hemant Raj Bhati (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15539",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T14:47:59.519430Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T14:48:07.777Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:sourcecodester:online_book_store_system:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Book Image Upload Feature"
              ],
              "product": "Online Book Store System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Hemant Raj Bhati (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in SourceCodester Online Book Store System 1.0. Impacted is an unknown function of the file /admin/index.php?page=books of the component Book Image Upload Feature. Such manipulation leads to unrestricted upload. The attack may be performed from remote. The exploit has been disclosed publicly and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5.8,
                "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "Unrestricted Upload",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T06:15:07.726Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-377889 | SourceCodester Online Book Store System Book Image Upload Feature index.php books unrestricted upload",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/vuln/377889"
            },
            {
              "name": "VDB-377889 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/377889/cti"
            },
            {
              "name": "CVE-2026-15539 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15539"
            },
            {
              "name": "Submit #855046 | SourceCodester Online Book Store System 1.0 Remote Code Execution",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/855046"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://medium.com/@hemantrajbhati5555/critical-authenticated-remote-code-execution-rce-via-unrestricted-file-upload-5a4a313ea1f1"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.sourcecodester.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-12T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-12T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-12T20:09:51.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Online Book Store System Book Image Upload Feature index.php books unrestricted upload"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15539",
        "datePublished": "2026-07-13T06:15:07.726Z",
        "dateReserved": "2026-07-12T18:04:47.797Z",
        "dateUpdated": "2026-07-13T14:48:07.777Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15537 (GCVE-0-2026-15537)

    Vulnerability from nvd – Published: 2026-07-13 05:45 – Updated: 2026-07-13 18:11 X_Freeware
    VLAI
    Title
    SourceCodester Online Book Store System login.php sql injection
    Summary
    A security flaw has been discovered in SourceCodester Online Book Store System 1.0. This vulnerability affects unknown code of the file admin/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/377887 vdb-entrytechnical-description
    https://vuldb.com/vuln/377887/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-15537 third-party-advisory
    https://vuldb.com/submit/855010 third-party-advisory
    https://medium.com/@gauravkumar67482/sql-injectio… broken-linkexploit
    https://www.sourcecodester.com/ product
    Impacted products
    Vendor Product Version
    SourceCodester Online Book Store System Affected: 1.0
        cpe:2.3:a:sourcecodester:online_book_store_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Gaurav kumar (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15537",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T18:07:20.645571Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T18:11:53.767Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:sourcecodester:online_book_store_system:*:*:*:*:*:*:*:*"
              ],
              "product": "Online Book Store System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Gaurav kumar (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in SourceCodester Online Book Store System 1.0. This vulnerability affects unknown code of the file admin/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T05:45:09.011Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-377887 | SourceCodester Online Book Store System login.php sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/377887"
            },
            {
              "name": "VDB-377887 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/377887/cti"
            },
            {
              "name": "CVE-2026-15537 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15537"
            },
            {
              "name": "Submit #855010 | SourceCodester Online Book Store System 1.0 SQL Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/855010"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://medium.com/@gauravkumar67482/sql-injection-leading-to-authentication-bypass-43b773da1967"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.sourcecodester.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-12T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-12T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-12T20:05:34.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Online Book Store System login.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15537",
        "datePublished": "2026-07-13T05:45:09.011Z",
        "dateReserved": "2026-07-12T18:00:30.574Z",
        "dateUpdated": "2026-07-13T18:11:53.767Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15532 (GCVE-0-2026-15532)

    Vulnerability from nvd – Published: 2026-07-13 04:30 – Updated: 2026-07-13 15:51 X_Freeware
    VLAI
    Title
    SourceCodester Online Book Store System User Management cross site scripting
    Summary
    A vulnerability was identified in SourceCodester Online Book Store System 1.0. This issue affects some unknown processing of the component User Management Module. Such manipulation of the argument Name/Username leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and might be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/377877 vdb-entrytechnical-description
    https://vuldb.com/vuln/377877/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-15532 third-party-advisory
    https://vuldb.com/submit/854983 third-party-advisory
    https://medium.com/@gauravkumar67482/authenticate… broken-linkexploit
    https://www.sourcecodester.com/ product
    Impacted products
    Vendor Product Version
    SourceCodester Online Book Store System Affected: 1.0
        cpe:2.3:a:sourcecodester:online_book_store_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Gaurav kumar (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15532",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T15:51:49.552657Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T15:51:56.052Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:sourcecodester:online_book_store_system:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "User Management Module"
              ],
              "product": "Online Book Store System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Gaurav kumar (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in SourceCodester Online Book Store System 1.0. This issue affects some unknown processing of the component User Management Module. Such manipulation of the argument Name/Username leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and might be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 3.3,
                "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T04:30:08.174Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-377877 | SourceCodester Online Book Store System User Management cross site scripting",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/377877"
            },
            {
              "name": "VDB-377877 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/377877/cti"
            },
            {
              "name": "CVE-2026-15532 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15532"
            },
            {
              "name": "Submit #854983 | SourceCodester Online Book Store System 1.0 Stored Cross-Site Scripting (Authenticated)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/854983"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://medium.com/@gauravkumar67482/authenticated-stored-cross-site-scripting-xss-in-user-management-module-2c2ba72b2cdf"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.sourcecodester.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-12T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-12T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-12T18:05:18.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Online Book Store System User Management cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15532",
        "datePublished": "2026-07-13T04:30:08.174Z",
        "dateReserved": "2026-07-12T16:00:14.084Z",
        "dateUpdated": "2026-07-13T15:51:56.052Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15190 (GCVE-0-2026-15190)

    Vulnerability from nvd – Published: 2026-07-09 15:45 – Updated: 2026-07-09 17:14 X_Freeware
    VLAI
    Title
    SourceCodester Simple and Nice Shopping Cart Script login.php sql injection
    Summary
    A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This affects an unknown part of the file /login.php. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/377116 vdb-entrytechnical-description
    https://vuldb.com/vuln/377116/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-15190 third-party-advisory
    https://vuldb.com/submit/851483 third-party-advisory
    https://github.com/zainaakinyi45-boop/cve/issues/1 exploitissue-tracking
    https://www.sourcecodester.com/ product
    Impacted products
    Vendor Product Version
    SourceCodester Simple and Nice Shopping Cart Script Affected: 1.0
        cpe:2.3:a:sourcecodester:simple_and_nice_shopping_cart_script:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    zainaakinyi45 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15190",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T17:13:41.707678Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T17:14:09.187Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:sourcecodester:simple_and_nice_shopping_cart_script:*:*:*:*:*:*:*:*"
              ],
              "product": "Simple and Nice Shopping Cart Script",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "zainaakinyi45 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This affects an unknown part of the file /login.php. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T15:45:09.130Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-377116 | SourceCodester Simple and Nice Shopping Cart Script login.php sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/377116"
            },
            {
              "name": "VDB-377116 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/377116/cti"
            },
            {
              "name": "CVE-2026-15190 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15190"
            },
            {
              "name": "Submit #851483 | SourceCodester Simple and Nice Shopping Cart Script 1.0 SQL Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/851483"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/zainaakinyi45-boop/cve/issues/1"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.sourcecodester.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-09T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-09T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-09T07:27:26.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Simple and Nice Shopping Cart Script login.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15190",
        "datePublished": "2026-07-09T15:45:09.130Z",
        "dateReserved": "2026-07-09T05:22:21.460Z",
        "dateUpdated": "2026-07-09T17:14:09.187Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14778 (GCVE-0-2026-14778)

    Vulnerability from nvd – Published: 2026-07-05 23:30 – Updated: 2026-07-06 13:15 X_Freeware
    VLAI
    Title
    SourceCodester Onlne Examination & Learning Management System Enrollment Management ajax_enroll.php improper authorization
    Summary
    A security vulnerability has been detected in SourceCodester Onlne Examination & Learning Management System 1.0. This affects an unknown part of the file /ajax_enroll.php of the component Enrollment Management. The manipulation of the argument student_id/schedule_id/action leads to improper authorization. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The name of the affected product appears to have a typo in it.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-285 - Improper Authorization
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    Impacted products
    Vendor Product Version
    SourceCodester Onlne Examination & Learning Management System Affected: 1.0
        cpe:2.3:a:sourcecodester:onlne_examination_learning_management_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Fklov (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14778",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T13:15:19.103122Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T13:15:27.861Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:sourcecodester:onlne_examination_learning_management_system:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Enrollment Management"
              ],
              "product": "Onlne Examination \u0026 Learning Management System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Fklov (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in SourceCodester Onlne Examination \u0026 Learning Management System 1.0. This affects an unknown part of the file /ajax_enroll.php of the component Enrollment Management. The manipulation of the argument student_id/schedule_id/action leads to improper authorization. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The name of the affected product appears to have a typo in it."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-05T23:30:09.071Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-376368 | SourceCodester Onlne Examination \u0026 Learning Management System Enrollment Management ajax_enroll.php improper authorization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/376368"
            },
            {
              "name": "VDB-376368 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/376368/cti"
            },
            {
              "name": "CVE-2026-14778 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-14778"
            },
            {
              "name": "Submit #850695 | SourceCodester Online Examination \u0026 Learning Management System 1.0 Missing Authorization",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/850695"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/nuiifornet/A033/blob/main/OE-LMS-IDOR-ajax_enroll.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.sourcecodester.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-05T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-05T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-05T06:13:33.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Onlne Examination \u0026 Learning Management System Enrollment Management ajax_enroll.php improper authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-14778",
        "datePublished": "2026-07-05T23:30:09.071Z",
        "dateReserved": "2026-07-05T04:08:21.195Z",
        "dateUpdated": "2026-07-06T13:15:27.861Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14777 (GCVE-0-2026-14777)

    Vulnerability from nvd – Published: 2026-07-05 23:15 – Updated: 2026-07-06 13:06 X_Freeware
    VLAI
    Title
    SourceCodester Onlne Examination & Learning Management System announcements.php unrestricted upload
    Summary
    A weakness has been identified in SourceCodester Onlne Examination & Learning Management System 1.0. Affected by this issue is some unknown functionality of the file /announcements.php. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The name of the affected product appears to have a typo in it.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    SourceCodester Onlne Examination & Learning Management System Affected: 1.0
        cpe:2.3:a:sourcecodester:onlne_examination_learning_management_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Fklov (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14777",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T13:06:12.945244Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T13:06:24.795Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:sourcecodester:onlne_examination_learning_management_system:*:*:*:*:*:*:*:*"
              ],
              "product": "Onlne Examination \u0026 Learning Management System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Fklov (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in SourceCodester Onlne Examination \u0026 Learning Management System 1.0. Affected by this issue is some unknown functionality of the file /announcements.php. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The name of the affected product appears to have a typo in it."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "Unrestricted Upload",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-05T23:15:11.813Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-376367 | SourceCodester Onlne Examination \u0026 Learning Management System announcements.php unrestricted upload",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/vuln/376367"
            },
            {
              "name": "VDB-376367 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/376367/cti"
            },
            {
              "name": "CVE-2026-14777 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-14777"
            },
            {
              "name": "Submit #850679 | SourceCodester Online Examination \u0026 Learning Management System 1.0 Unrestricted Upload",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/850679"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/nuiifornet/A033/blob/main/OE-LMS-RCE-3-announcements.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.sourcecodester.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-05T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-05T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-05T06:13:31.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Onlne Examination \u0026 Learning Management System announcements.php unrestricted upload"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-14777",
        "datePublished": "2026-07-05T23:15:11.813Z",
        "dateReserved": "2026-07-05T04:08:18.319Z",
        "dateUpdated": "2026-07-06T13:06:24.795Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14776 (GCVE-0-2026-14776)

    Vulnerability from nvd – Published: 2026-07-05 23:00 – Updated: 2026-07-06 16:49 X_Freeware
    VLAI
    Title
    SourceCodester Onlne Examination & Learning Management System Filename Extension upload_files.php pathinfo unrestricted upload
    Summary
    A security flaw has been discovered in SourceCodester Onlne Examination & Learning Management System 1.0. Affected by this vulnerability is the function pathinfo of the file /upload_files.php of the component Filename Extension. Performing a manipulation results in unrestricted upload. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The name of the affected product appears to have a typo in it.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    SourceCodester Onlne Examination & Learning Management System Affected: 1.0
        cpe:2.3:a:sourcecodester:onlne_examination_learning_management_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Fklov (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14776",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T16:35:56.782745Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T16:49:27.412Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:sourcecodester:onlne_examination_learning_management_system:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Filename Extension"
              ],
              "product": "Onlne Examination \u0026 Learning Management System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Fklov (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in SourceCodester Onlne Examination \u0026 Learning Management System 1.0. Affected by this vulnerability is the function pathinfo of the file /upload_files.php of the component Filename Extension. Performing a manipulation results in unrestricted upload. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The name of the affected product appears to have a typo in it."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "Unrestricted Upload",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-05T23:00:11.544Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-376366 | SourceCodester Onlne Examination \u0026 Learning Management System Filename Extension upload_files.php pathinfo unrestricted upload",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/376366"
            },
            {
              "name": "VDB-376366 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/376366/cti"
            },
            {
              "name": "CVE-2026-14776 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-14776"
            },
            {
              "name": "Submit #850678 | SourceCodester Online Examination \u0026 Learning Management System 1.0 Unrestricted Upload",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/850678"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/nuiifornet/A033/blob/main/OE-LMS-RCE-2-upload_files.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.sourcecodester.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-05T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-05T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-05T06:13:28.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Onlne Examination \u0026 Learning Management System Filename Extension upload_files.php pathinfo unrestricted upload"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-14776",
        "datePublished": "2026-07-05T23:00:11.544Z",
        "dateReserved": "2026-07-05T04:08:15.541Z",
        "dateUpdated": "2026-07-06T16:49:27.412Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14775 (GCVE-0-2026-14775)

    Vulnerability from nvd – Published: 2026-07-05 22:45 – Updated: 2026-07-07 02:54 X_Freeware
    VLAI
    Title
    SourceCodester Onlne Examination & Learning Management System process_lesson.php unrestricted upload
    Summary
    A vulnerability was identified in SourceCodester Onlne Examination & Learning Management System 1.0. Affected is an unknown function of the file /process_lesson.php. Such manipulation of the argument user_id leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly available and might be used. The name of the affected product appears to have a typo in it.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    SourceCodester Onlne Examination & Learning Management System Affected: 1.0
        cpe:2.3:a:sourcecodester:onlne_examination_learning_management_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Fklov (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14775",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-07T02:54:38.833725Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T02:54:51.798Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:sourcecodester:onlne_examination_learning_management_system:*:*:*:*:*:*:*:*"
              ],
              "product": "Onlne Examination \u0026 Learning Management System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Fklov (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in SourceCodester Onlne Examination \u0026 Learning Management System 1.0. Affected is an unknown function of the file /process_lesson.php. Such manipulation of the argument user_id leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly available and might be used. The name of the affected product appears to have a typo in it."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "Unrestricted Upload",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-05T22:45:09.190Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-376365 | SourceCodester Onlne Examination \u0026 Learning Management System process_lesson.php unrestricted upload",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/376365"
            },
            {
              "name": "VDB-376365 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/376365/cti"
            },
            {
              "name": "CVE-2026-14775 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-14775"
            },
            {
              "name": "Submit #850677 | SourceCodester Online Examination \u0026 Learning Management System 1.0 Unrestricted Upload",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/850677"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/nuiifornet/A033/blob/main/OE-LMS-RCE-1-process_lesson.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.sourcecodester.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-05T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-05T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-05T06:13:25.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Onlne Examination \u0026 Learning Management System process_lesson.php unrestricted upload"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-14775",
        "datePublished": "2026-07-05T22:45:09.190Z",
        "dateReserved": "2026-07-05T04:08:13.179Z",
        "dateUpdated": "2026-07-07T02:54:51.798Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14772 (GCVE-0-2026-14772)

    Vulnerability from nvd – Published: 2026-07-05 22:00 – Updated: 2026-07-06 13:16 X_Freeware
    VLAI
    Title
    SourceCodester Class and Exam Timetabling System edit_course1.php sql injection
    Summary
    A vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0/1.php. The impacted element is an unknown function of the file /edit_course1.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/376362 vdb-entrytechnical-description
    https://vuldb.com/vuln/376362/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-14772 third-party-advisory
    https://vuldb.com/submit/849108 third-party-advisory
    https://github.com/orionyan520/cve_report/issues/1 exploitissue-tracking
    https://www.sourcecodester.com/ product
    Impacted products
    Vendor Product Version
    SourceCodester Class and Exam Timetabling System Affected: 1.0
    Affected: 1.php
        cpe:2.3:a:sourcecodester:class_and_exam_timetabling_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    orionyan (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14772",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T13:15:50.699112Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T13:16:00.262Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:sourcecodester:class_and_exam_timetabling_system:*:*:*:*:*:*:*:*"
              ],
              "product": "Class and Exam Timetabling System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                },
                {
                  "status": "affected",
                  "version": "1.php"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "orionyan (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in SourceCodester Class and Exam Timetabling System 1.0/1.php. The impacted element is an unknown function of the file /edit_course1.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-05T22:00:09.168Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-376362 | SourceCodester Class and Exam Timetabling System edit_course1.php sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/376362"
            },
            {
              "name": "VDB-376362 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/376362/cti"
            },
            {
              "name": "CVE-2026-14772 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-14772"
            },
            {
              "name": "Submit #849108 | sourcecodester  Class and Exam Timetabling System V1.0 SQL injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/849108"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/orionyan520/cve_report/issues/1"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.sourcecodester.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-05T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-05T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-05T06:06:45.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Class and Exam Timetabling System edit_course1.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-14772",
        "datePublished": "2026-07-05T22:00:09.168Z",
        "dateReserved": "2026-07-05T04:01:35.626Z",
        "dateUpdated": "2026-07-06T13:16:00.262Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14771 (GCVE-0-2026-14771)

    Vulnerability from nvd – Published: 2026-07-05 21:30 – Updated: 2026-07-06 13:03 X_Freeware
    VLAI
    Title
    SourceCodester Class and Exam Timetabling System edit_exam1.php sql injection
    Summary
    A flaw has been found in SourceCodester Class and Exam Timetabling System 1.0/1.php. The affected element is an unknown function of the file /edit_exam1.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/376361 vdb-entrytechnical-description
    https://vuldb.com/vuln/376361/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-14771 third-party-advisory
    https://vuldb.com/submit/849107 third-party-advisory
    https://github.com/orionyan520/cve_report/issues/2 exploitissue-tracking
    https://www.sourcecodester.com/ product
    Impacted products
    Vendor Product Version
    SourceCodester Class and Exam Timetabling System Affected: 1.0
    Affected: 1.php
        cpe:2.3:a:sourcecodester:class_and_exam_timetabling_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    orionyan (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14771",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T13:03:27.896182Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T13:03:35.795Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:sourcecodester:class_and_exam_timetabling_system:*:*:*:*:*:*:*:*"
              ],
              "product": "Class and Exam Timetabling System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                },
                {
                  "status": "affected",
                  "version": "1.php"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "orionyan (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A flaw has been found in SourceCodester Class and Exam Timetabling System 1.0/1.php. The affected element is an unknown function of the file /edit_exam1.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-05T21:30:09.068Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-376361 | SourceCodester Class and Exam Timetabling System edit_exam1.php sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/376361"
            },
            {
              "name": "VDB-376361 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/376361/cti"
            },
            {
              "name": "CVE-2026-14771 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-14771"
            },
            {
              "name": "Submit #849107 | sourcecodester  Class and Exam Timetabling System V1.0 SQL injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/849107"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/orionyan520/cve_report/issues/2"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.sourcecodester.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-05T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-05T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-05T06:06:43.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Class and Exam Timetabling System edit_exam1.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-14771",
        "datePublished": "2026-07-05T21:30:09.068Z",
        "dateReserved": "2026-07-05T04:01:33.090Z",
        "dateUpdated": "2026-07-06T13:03:35.795Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15715 (GCVE-0-2026-15715)

    Vulnerability from cvelistv5 – Published: 2026-07-14 17:45 – Updated: 2026-07-14 19:51 X_Freeware
    VLAI
    Title
    SourceCodester Class and Exam Timetabling System exam.php cross site scripting
    Summary
    A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /exam.php. Such manipulation of the argument day leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/378291 vdb-entrytechnical-description
    https://vuldb.com/vuln/378291/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-15715 third-party-advisory
    https://vuldb.com/submit/856170 third-party-advisory
    https://vuldb.com/submit/856171 third-party-advisory
    https://github.com/AlbaDove/cve/issues/7 exploitissue-tracking
    https://www.sourcecodester.com/ product
    Impacted products
    Vendor Product Version
    SourceCodester Class and Exam Timetabling System Affected: 1.0
        cpe:2.3:a:sourcecodester:class_and_exam_timetabling_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    AlbaDove (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15715",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T19:41:46.666371Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T19:51:21.035Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:sourcecodester:class_and_exam_timetabling_system:*:*:*:*:*:*:*:*"
              ],
              "product": "Class and Exam Timetabling System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "AlbaDove (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /exam.php. Such manipulation of the argument day leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T17:45:08.923Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-378291 | SourceCodester Class and Exam Timetabling System exam.php cross site scripting",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/378291"
            },
            {
              "name": "VDB-378291 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/378291/cti"
            },
            {
              "name": "CVE-2026-15715 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15715"
            },
            {
              "name": "Submit #856170 | sourcecodester  Class and Exam Timetabling System V1.0 cross site scripting",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/856170"
            },
            {
              "name": "Submit #856171 | sourcecodester  Class and Exam Timetabling System V1.0 cross site scripting (Duplicate)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/856171"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/AlbaDove/cve/issues/7"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.sourcecodester.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-14T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-14T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-14T12:45:59.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Class and Exam Timetabling System exam.php cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15715",
        "datePublished": "2026-07-14T17:45:08.923Z",
        "dateReserved": "2026-07-14T10:40:56.375Z",
        "dateUpdated": "2026-07-14T19:51:21.035Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15703 (GCVE-0-2026-15703)

    Vulnerability from cvelistv5 – Published: 2026-07-14 17:00 – Updated: 2026-07-15 15:45 X_Freeware
    VLAI
    Title
    SourceCodester Simple and Nice Shopping Cart Script userproductdeletequery.php sql injection
    Summary
    A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This vulnerability affects unknown code of the file /admin/userproductdeletequery.php. Performing a manipulation of the argument user_id results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/378250 vdb-entrytechnical-description
    https://vuldb.com/vuln/378250/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-15703 third-party-advisory
    https://vuldb.com/submit/856152 third-party-advisory
    https://github.com/Wut-sys/cve/issues/1 exploitissue-tracking
    https://www.sourcecodester.com/ product
    Impacted products
    Vendor Product Version
    SourceCodester Simple and Nice Shopping Cart Script Affected: 1.0
        cpe:2.3:a:sourcecodester:simple_and_nice_shopping_cart_script:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    huajuan (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15703",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T15:45:13.311758Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T15:45:27.209Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:sourcecodester:simple_and_nice_shopping_cart_script:*:*:*:*:*:*:*:*"
              ],
              "product": "Simple and Nice Shopping Cart Script",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "huajuan (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This vulnerability affects unknown code of the file /admin/userproductdeletequery.php. Performing a manipulation of the argument user_id results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T17:00:08.729Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-378250 | SourceCodester Simple and Nice Shopping Cart Script userproductdeletequery.php sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/378250"
            },
            {
              "name": "VDB-378250 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/378250/cti"
            },
            {
              "name": "CVE-2026-15703 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15703"
            },
            {
              "name": "Submit #856152 | SourceCodester Simple and Nice Shopping Cart Script in PHP  1.0 SQL Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/856152"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/Wut-sys/cve/issues/1"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.sourcecodester.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-14T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-14T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-14T12:56:51.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Simple and Nice Shopping Cart Script userproductdeletequery.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15703",
        "datePublished": "2026-07-14T17:00:08.729Z",
        "dateReserved": "2026-07-14T05:39:51.433Z",
        "dateUpdated": "2026-07-15T15:45:27.209Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15597 (GCVE-0-2026-15597)

    Vulnerability from cvelistv5 – Published: 2026-07-13 21:45 – Updated: 2026-07-14 14:30 X_Freeware
    VLAI
    Title
    SourceCodester Class and Exam Timetabling System edit_exam2.php sql injection
    Summary
    A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0/2.php. This affects an unknown function of the file /edit_exam2.php. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/378112 vdb-entrytechnical-description
    https://vuldb.com/vuln/378112/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-15597 third-party-advisory
    https://vuldb.com/submit/855298 third-party-advisory
    https://github.com/asdasddqwdq29-a11y/new-cve/issues/1 exploitissue-tracking
    https://www.sourcecodester.com/ product
    Impacted products
    Vendor Product Version
    SourceCodester Class and Exam Timetabling System Affected: 1.0
    Affected: 2.php
        cpe:2.3:a:sourcecodester:class_and_exam_timetabling_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    bzdXBHu0xzWRJ (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15597",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T13:18:08.799716Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T14:30:40.312Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:sourcecodester:class_and_exam_timetabling_system:*:*:*:*:*:*:*:*"
              ],
              "product": "Class and Exam Timetabling System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                },
                {
                  "status": "affected",
                  "version": "2.php"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "bzdXBHu0xzWRJ (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0/2.php. This affects an unknown function of the file /edit_exam2.php. Performing a manipulation of the argument ID results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T21:45:09.410Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-378112 | SourceCodester Class and Exam Timetabling System edit_exam2.php sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/378112"
            },
            {
              "name": "VDB-378112 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/378112/cti"
            },
            {
              "name": "CVE-2026-15597 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15597"
            },
            {
              "name": "Submit #855298 | sourcecodester  Class and Exam Timetabling System V1.0 SQL injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/855298"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/asdasddqwdq29-a11y/new-cve/issues/1"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.sourcecodester.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-13T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-13T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-13T16:09:23.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Class and Exam Timetabling System edit_exam2.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15597",
        "datePublished": "2026-07-13T21:45:09.410Z",
        "dateReserved": "2026-07-13T14:04:19.950Z",
        "dateUpdated": "2026-07-14T14:30:40.312Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15596 (GCVE-0-2026-15596)

    Vulnerability from cvelistv5 – Published: 2026-07-13 21:30 – Updated: 2026-07-15 14:23 X_Freeware
    VLAI
    Title
    SourceCodester Class and Exam Timetabling System subject.php cross site scripting
    Summary
    A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /subject.php. Such manipulation of the argument subject leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/378111 vdb-entrytechnical-description
    https://vuldb.com/vuln/378111/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-15596 third-party-advisory
    https://vuldb.com/submit/855269 third-party-advisory
    https://github.com/AlbaDove/cve/issues/5 exploitissue-tracking
    https://www.sourcecodester.com/ product
    Impacted products
    Vendor Product Version
    SourceCodester Class and Exam Timetabling System Affected: 1.0
        cpe:2.3:a:sourcecodester:class_and_exam_timetabling_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    AlbaDove (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15596",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T14:23:39.872894Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T14:23:52.386Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:sourcecodester:class_and_exam_timetabling_system:*:*:*:*:*:*:*:*"
              ],
              "product": "Class and Exam Timetabling System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "AlbaDove (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /subject.php. Such manipulation of the argument subject leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T21:30:08.683Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-378111 | SourceCodester Class and Exam Timetabling System subject.php cross site scripting",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/378111"
            },
            {
              "name": "VDB-378111 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/378111/cti"
            },
            {
              "name": "CVE-2026-15596 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15596"
            },
            {
              "name": "Submit #855269 | sourcecodester Class and Exam Timetabling System V1.0 cross site scripting",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/855269"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/AlbaDove/cve/issues/5"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.sourcecodester.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-13T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-13T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-13T16:07:46.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Class and Exam Timetabling System subject.php cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15596",
        "datePublished": "2026-07-13T21:30:08.683Z",
        "dateReserved": "2026-07-13T14:02:39.572Z",
        "dateUpdated": "2026-07-15T14:23:52.386Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15595 (GCVE-0-2026-15595)

    Vulnerability from cvelistv5 – Published: 2026-07-13 20:30 – Updated: 2026-07-14 13:03 X_Freeware
    VLAI
    Title
    SourceCodester Class and Exam Timetabling System forsubject.php cross site scripting
    Summary
    A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. The affected element is an unknown function of the file /forsubject.php. This manipulation of the argument subject causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/378110 vdb-entrytechnical-description
    https://vuldb.com/vuln/378110/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-15595 third-party-advisory
    https://vuldb.com/submit/855268 third-party-advisory
    https://github.com/AlbaDove/cve/issues/6 exploitissue-tracking
    https://www.sourcecodester.com/ product
    Impacted products
    Vendor Product Version
    SourceCodester Class and Exam Timetabling System Affected: 1.0
        cpe:2.3:a:sourcecodester:class_and_exam_timetabling_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    AlbaDove (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15595",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-14T13:00:41.805031Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-14T13:03:58.599Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:sourcecodester:class_and_exam_timetabling_system:*:*:*:*:*:*:*:*"
              ],
              "product": "Class and Exam Timetabling System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "AlbaDove (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. The affected element is an unknown function of the file /forsubject.php. This manipulation of the argument subject causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T20:30:08.129Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-378110 | SourceCodester Class and Exam Timetabling System forsubject.php cross site scripting",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/378110"
            },
            {
              "name": "VDB-378110 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/378110/cti"
            },
            {
              "name": "CVE-2026-15595 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15595"
            },
            {
              "name": "Submit #855268 | sourcecodester  Class and Exam Timetabling System V1.0 cross site scripting",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/855268"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/AlbaDove/cve/issues/6"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.sourcecodester.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-13T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-13T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-13T16:07:44.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Class and Exam Timetabling System forsubject.php cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15595",
        "datePublished": "2026-07-13T20:30:08.129Z",
        "dateReserved": "2026-07-13T14:02:36.735Z",
        "dateUpdated": "2026-07-14T13:03:58.599Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15540 (GCVE-0-2026-15540)

    Vulnerability from cvelistv5 – Published: 2026-07-13 06:30 – Updated: 2026-07-13 18:39 X_Freeware
    VLAI
    Title
    SourceCodester Online Book Store System Administrative index.php php file inclusion
    Summary
    A vulnerability was detected in SourceCodester Online Book Store System 1.0. The affected element is an unknown function of the file /admin/index.php of the component Administrative Interface. Performing a manipulation of the argument page results in improper control of filename for include/require statement in php program. It is possible to initiate the attack remotely. The exploit is now public and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program
    • CWE-73 - File Inclusion
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/377890 vdb-entrytechnical-description
    https://vuldb.com/vuln/377890/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-15540 third-party-advisory
    https://vuldb.com/submit/855048 third-party-advisory
    https://medium.com/@hemantrajbhati5555/local-file… broken-linkexploit
    https://www.sourcecodester.com/ product
    Impacted products
    Vendor Product Version
    SourceCodester Online Book Store System Affected: 1.0
        cpe:2.3:a:sourcecodester:online_book_store_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Hemant Raj Bhati (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15540",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T18:39:23.588424Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T18:39:28.827Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:sourcecodester:online_book_store_system:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Administrative Interface"
              ],
              "product": "Online Book Store System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Hemant Raj Bhati (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in SourceCodester Online Book Store System 1.0. The affected element is an unknown function of the file /admin/index.php of the component Administrative Interface. Performing a manipulation of the argument page results in improper control of filename for include/require statement in php program. It is possible to initiate the attack remotely. The exploit is now public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 4,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-98",
                  "description": "Improper Control of Filename for Include/Require Statement in PHP Program",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "File Inclusion",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T06:30:08.672Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-377890 | SourceCodester Online Book Store System Administrative index.php php file inclusion",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/377890"
            },
            {
              "name": "VDB-377890 | CTI Indicators (IOB, IOC, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/377890/cti"
            },
            {
              "name": "CVE-2026-15540 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15540"
            },
            {
              "name": "Submit #855048 | SourceCodester Online Book Store System 1.0 Local File Inclusion",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/855048"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://medium.com/@hemantrajbhati5555/local-file-inclusion-lfi-via-page-parameter-leading-to-source-code-disclosure-ce722de0c407"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.sourcecodester.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-12T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-12T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-12T20:12:46.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Online Book Store System Administrative index.php php file inclusion"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15540",
        "datePublished": "2026-07-13T06:30:08.672Z",
        "dateReserved": "2026-07-12T18:07:43.505Z",
        "dateUpdated": "2026-07-13T18:39:28.827Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15539 (GCVE-0-2026-15539)

    Vulnerability from cvelistv5 – Published: 2026-07-13 06:15 – Updated: 2026-07-13 14:48 X_Freeware
    VLAI
    Title
    SourceCodester Online Book Store System Book Image Upload Feature index.php books unrestricted upload
    Summary
    A security vulnerability has been detected in SourceCodester Online Book Store System 1.0. Impacted is an unknown function of the file /admin/index.php?page=books of the component Book Image Upload Feature. Such manipulation leads to unrestricted upload. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    SourceCodester Online Book Store System Affected: 1.0
        cpe:2.3:a:sourcecodester:online_book_store_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Hemant Raj Bhati (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15539",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T14:47:59.519430Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T14:48:07.777Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:sourcecodester:online_book_store_system:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Book Image Upload Feature"
              ],
              "product": "Online Book Store System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Hemant Raj Bhati (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in SourceCodester Online Book Store System 1.0. Impacted is an unknown function of the file /admin/index.php?page=books of the component Book Image Upload Feature. Such manipulation leads to unrestricted upload. The attack may be performed from remote. The exploit has been disclosed publicly and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 4.7,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5.8,
                "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "Unrestricted Upload",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T06:15:07.726Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-377889 | SourceCodester Online Book Store System Book Image Upload Feature index.php books unrestricted upload",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/vuln/377889"
            },
            {
              "name": "VDB-377889 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/377889/cti"
            },
            {
              "name": "CVE-2026-15539 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15539"
            },
            {
              "name": "Submit #855046 | SourceCodester Online Book Store System 1.0 Remote Code Execution",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/855046"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://medium.com/@hemantrajbhati5555/critical-authenticated-remote-code-execution-rce-via-unrestricted-file-upload-5a4a313ea1f1"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.sourcecodester.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-12T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-12T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-12T20:09:51.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Online Book Store System Book Image Upload Feature index.php books unrestricted upload"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15539",
        "datePublished": "2026-07-13T06:15:07.726Z",
        "dateReserved": "2026-07-12T18:04:47.797Z",
        "dateUpdated": "2026-07-13T14:48:07.777Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15537 (GCVE-0-2026-15537)

    Vulnerability from cvelistv5 – Published: 2026-07-13 05:45 – Updated: 2026-07-13 18:11 X_Freeware
    VLAI
    Title
    SourceCodester Online Book Store System login.php sql injection
    Summary
    A security flaw has been discovered in SourceCodester Online Book Store System 1.0. This vulnerability affects unknown code of the file admin/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/377887 vdb-entrytechnical-description
    https://vuldb.com/vuln/377887/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-15537 third-party-advisory
    https://vuldb.com/submit/855010 third-party-advisory
    https://medium.com/@gauravkumar67482/sql-injectio… broken-linkexploit
    https://www.sourcecodester.com/ product
    Impacted products
    Vendor Product Version
    SourceCodester Online Book Store System Affected: 1.0
        cpe:2.3:a:sourcecodester:online_book_store_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Gaurav kumar (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15537",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T18:07:20.645571Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T18:11:53.767Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:sourcecodester:online_book_store_system:*:*:*:*:*:*:*:*"
              ],
              "product": "Online Book Store System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Gaurav kumar (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in SourceCodester Online Book Store System 1.0. This vulnerability affects unknown code of the file admin/login.php. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit has been released to the public and may be used for attacks."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T05:45:09.011Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-377887 | SourceCodester Online Book Store System login.php sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/377887"
            },
            {
              "name": "VDB-377887 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/377887/cti"
            },
            {
              "name": "CVE-2026-15537 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15537"
            },
            {
              "name": "Submit #855010 | SourceCodester Online Book Store System 1.0 SQL Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/855010"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://medium.com/@gauravkumar67482/sql-injection-leading-to-authentication-bypass-43b773da1967"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.sourcecodester.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-12T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-12T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-12T20:05:34.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Online Book Store System login.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15537",
        "datePublished": "2026-07-13T05:45:09.011Z",
        "dateReserved": "2026-07-12T18:00:30.574Z",
        "dateUpdated": "2026-07-13T18:11:53.767Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15532 (GCVE-0-2026-15532)

    Vulnerability from cvelistv5 – Published: 2026-07-13 04:30 – Updated: 2026-07-13 15:51 X_Freeware
    VLAI
    Title
    SourceCodester Online Book Store System User Management cross site scripting
    Summary
    A vulnerability was identified in SourceCodester Online Book Store System 1.0. This issue affects some unknown processing of the component User Management Module. Such manipulation of the argument Name/Username leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and might be used.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/377877 vdb-entrytechnical-description
    https://vuldb.com/vuln/377877/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-15532 third-party-advisory
    https://vuldb.com/submit/854983 third-party-advisory
    https://medium.com/@gauravkumar67482/authenticate… broken-linkexploit
    https://www.sourcecodester.com/ product
    Impacted products
    Vendor Product Version
    SourceCodester Online Book Store System Affected: 1.0
        cpe:2.3:a:sourcecodester:online_book_store_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Gaurav kumar (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15532",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-13T15:51:49.552657Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-13T15:51:56.052Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:sourcecodester:online_book_store_system:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "User Management Module"
              ],
              "product": "Online Book Store System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Gaurav kumar (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in SourceCodester Online Book Store System 1.0. This issue affects some unknown processing of the component User Management Module. Such manipulation of the argument Name/Username leads to cross site scripting. The attack can be executed remotely. The exploit is publicly available and might be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 4.8,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 2.4,
                "baseSeverity": "LOW",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 3.3,
                "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "Cross Site Scripting",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-94",
                  "description": "Code Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-13T04:30:08.174Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-377877 | SourceCodester Online Book Store System User Management cross site scripting",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/377877"
            },
            {
              "name": "VDB-377877 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/377877/cti"
            },
            {
              "name": "CVE-2026-15532 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15532"
            },
            {
              "name": "Submit #854983 | SourceCodester Online Book Store System 1.0 Stored Cross-Site Scripting (Authenticated)",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/854983"
            },
            {
              "tags": [
                "broken-link",
                "exploit"
              ],
              "url": "https://medium.com/@gauravkumar67482/authenticated-stored-cross-site-scripting-xss-in-user-management-module-2c2ba72b2cdf"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.sourcecodester.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-12T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-12T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-12T18:05:18.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Online Book Store System User Management cross site scripting"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15532",
        "datePublished": "2026-07-13T04:30:08.174Z",
        "dateReserved": "2026-07-12T16:00:14.084Z",
        "dateUpdated": "2026-07-13T15:51:56.052Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-15190 (GCVE-0-2026-15190)

    Vulnerability from cvelistv5 – Published: 2026-07-09 15:45 – Updated: 2026-07-09 17:14 X_Freeware
    VLAI
    Title
    SourceCodester Simple and Nice Shopping Cart Script login.php sql injection
    Summary
    A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This affects an unknown part of the file /login.php. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    URL Tags
    https://vuldb.com/vuln/377116 vdb-entrytechnical-description
    https://vuldb.com/vuln/377116/cti signaturepermissions-required
    https://vuldb.com/cve/CVE-2026-15190 third-party-advisory
    https://vuldb.com/submit/851483 third-party-advisory
    https://github.com/zainaakinyi45-boop/cve/issues/1 exploitissue-tracking
    https://www.sourcecodester.com/ product
    Impacted products
    Vendor Product Version
    SourceCodester Simple and Nice Shopping Cart Script Affected: 1.0
        cpe:2.3:a:sourcecodester:simple_and_nice_shopping_cart_script:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    zainaakinyi45 (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-15190",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-09T17:13:41.707678Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-09T17:14:09.187Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:sourcecodester:simple_and_nice_shopping_cart_script:*:*:*:*:*:*:*:*"
              ],
              "product": "Simple and Nice Shopping Cart Script",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "zainaakinyi45 (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was detected in SourceCodester Simple and Nice Shopping Cart Script 1.0. This affects an unknown part of the file /login.php. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit is now public and may be used."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-89",
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-74",
                  "description": "Injection",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-09T15:45:09.130Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-377116 | SourceCodester Simple and Nice Shopping Cart Script login.php sql injection",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/377116"
            },
            {
              "name": "VDB-377116 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/377116/cti"
            },
            {
              "name": "CVE-2026-15190 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-15190"
            },
            {
              "name": "Submit #851483 | SourceCodester Simple and Nice Shopping Cart Script 1.0 SQL Injection",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/851483"
            },
            {
              "tags": [
                "exploit",
                "issue-tracking"
              ],
              "url": "https://github.com/zainaakinyi45-boop/cve/issues/1"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.sourcecodester.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-09T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-09T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-09T07:27:26.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Simple and Nice Shopping Cart Script login.php sql injection"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-15190",
        "datePublished": "2026-07-09T15:45:09.130Z",
        "dateReserved": "2026-07-09T05:22:21.460Z",
        "dateUpdated": "2026-07-09T17:14:09.187Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14778 (GCVE-0-2026-14778)

    Vulnerability from cvelistv5 – Published: 2026-07-05 23:30 – Updated: 2026-07-06 13:15 X_Freeware
    VLAI
    Title
    SourceCodester Onlne Examination & Learning Management System Enrollment Management ajax_enroll.php improper authorization
    Summary
    A security vulnerability has been detected in SourceCodester Onlne Examination & Learning Management System 1.0. This affects an unknown part of the file /ajax_enroll.php of the component Enrollment Management. The manipulation of the argument student_id/schedule_id/action leads to improper authorization. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The name of the affected product appears to have a typo in it.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-285 - Improper Authorization
    • CWE-266 - Incorrect Privilege Assignment
    Assigner
    References
    Impacted products
    Vendor Product Version
    SourceCodester Onlne Examination & Learning Management System Affected: 1.0
        cpe:2.3:a:sourcecodester:onlne_examination_learning_management_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Fklov (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14778",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T13:15:19.103122Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T13:15:27.861Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:sourcecodester:onlne_examination_learning_management_system:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Enrollment Management"
              ],
              "product": "Onlne Examination \u0026 Learning Management System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Fklov (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security vulnerability has been detected in SourceCodester Onlne Examination \u0026 Learning Management System 1.0. This affects an unknown part of the file /ajax_enroll.php of the component Enrollment Management. The manipulation of the argument student_id/schedule_id/action leads to improper authorization. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The name of the affected product appears to have a typo in it."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 7.3,
                "baseSeverity": "HIGH",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 7.5,
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-285",
                  "description": "Improper Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-266",
                  "description": "Incorrect Privilege Assignment",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-05T23:30:09.071Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-376368 | SourceCodester Onlne Examination \u0026 Learning Management System Enrollment Management ajax_enroll.php improper authorization",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/376368"
            },
            {
              "name": "VDB-376368 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/376368/cti"
            },
            {
              "name": "CVE-2026-14778 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-14778"
            },
            {
              "name": "Submit #850695 | SourceCodester Online Examination \u0026 Learning Management System 1.0 Missing Authorization",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/850695"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/nuiifornet/A033/blob/main/OE-LMS-IDOR-ajax_enroll.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.sourcecodester.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-05T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-05T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-05T06:13:33.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Onlne Examination \u0026 Learning Management System Enrollment Management ajax_enroll.php improper authorization"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-14778",
        "datePublished": "2026-07-05T23:30:09.071Z",
        "dateReserved": "2026-07-05T04:08:21.195Z",
        "dateUpdated": "2026-07-06T13:15:27.861Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14777 (GCVE-0-2026-14777)

    Vulnerability from cvelistv5 – Published: 2026-07-05 23:15 – Updated: 2026-07-06 13:06 X_Freeware
    VLAI
    Title
    SourceCodester Onlne Examination & Learning Management System announcements.php unrestricted upload
    Summary
    A weakness has been identified in SourceCodester Onlne Examination & Learning Management System 1.0. Affected by this issue is some unknown functionality of the file /announcements.php. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The name of the affected product appears to have a typo in it.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    SourceCodester Onlne Examination & Learning Management System Affected: 1.0
        cpe:2.3:a:sourcecodester:onlne_examination_learning_management_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Fklov (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14777",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T13:06:12.945244Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T13:06:24.795Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:sourcecodester:onlne_examination_learning_management_system:*:*:*:*:*:*:*:*"
              ],
              "product": "Onlne Examination \u0026 Learning Management System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Fklov (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A weakness has been identified in SourceCodester Onlne Examination \u0026 Learning Management System 1.0. Affected by this issue is some unknown functionality of the file /announcements.php. Executing a manipulation can lead to unrestricted upload. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The name of the affected product appears to have a typo in it."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "Unrestricted Upload",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-05T23:15:11.813Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-376367 | SourceCodester Onlne Examination \u0026 Learning Management System announcements.php unrestricted upload",
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/vuln/376367"
            },
            {
              "name": "VDB-376367 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/376367/cti"
            },
            {
              "name": "CVE-2026-14777 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-14777"
            },
            {
              "name": "Submit #850679 | SourceCodester Online Examination \u0026 Learning Management System 1.0 Unrestricted Upload",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/850679"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/nuiifornet/A033/blob/main/OE-LMS-RCE-3-announcements.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.sourcecodester.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-05T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-05T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-05T06:13:31.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Onlne Examination \u0026 Learning Management System announcements.php unrestricted upload"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-14777",
        "datePublished": "2026-07-05T23:15:11.813Z",
        "dateReserved": "2026-07-05T04:08:18.319Z",
        "dateUpdated": "2026-07-06T13:06:24.795Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14776 (GCVE-0-2026-14776)

    Vulnerability from cvelistv5 – Published: 2026-07-05 23:00 – Updated: 2026-07-06 16:49 X_Freeware
    VLAI
    Title
    SourceCodester Onlne Examination & Learning Management System Filename Extension upload_files.php pathinfo unrestricted upload
    Summary
    A security flaw has been discovered in SourceCodester Onlne Examination & Learning Management System 1.0. Affected by this vulnerability is the function pathinfo of the file /upload_files.php of the component Filename Extension. Performing a manipulation results in unrestricted upload. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The name of the affected product appears to have a typo in it.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    SourceCodester Onlne Examination & Learning Management System Affected: 1.0
        cpe:2.3:a:sourcecodester:onlne_examination_learning_management_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Fklov (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14776",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-06T16:35:56.782745Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-06T16:49:27.412Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:sourcecodester:onlne_examination_learning_management_system:*:*:*:*:*:*:*:*"
              ],
              "modules": [
                "Filename Extension"
              ],
              "product": "Onlne Examination \u0026 Learning Management System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Fklov (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A security flaw has been discovered in SourceCodester Onlne Examination \u0026 Learning Management System 1.0. Affected by this vulnerability is the function pathinfo of the file /upload_files.php of the component Filename Extension. Performing a manipulation results in unrestricted upload. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. The name of the affected product appears to have a typo in it."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "Unrestricted Upload",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-05T23:00:11.544Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-376366 | SourceCodester Onlne Examination \u0026 Learning Management System Filename Extension upload_files.php pathinfo unrestricted upload",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/376366"
            },
            {
              "name": "VDB-376366 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/376366/cti"
            },
            {
              "name": "CVE-2026-14776 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-14776"
            },
            {
              "name": "Submit #850678 | SourceCodester Online Examination \u0026 Learning Management System 1.0 Unrestricted Upload",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/850678"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/nuiifornet/A033/blob/main/OE-LMS-RCE-2-upload_files.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.sourcecodester.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-05T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-05T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-05T06:13:28.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Onlne Examination \u0026 Learning Management System Filename Extension upload_files.php pathinfo unrestricted upload"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-14776",
        "datePublished": "2026-07-05T23:00:11.544Z",
        "dateReserved": "2026-07-05T04:08:15.541Z",
        "dateUpdated": "2026-07-06T16:49:27.412Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-14775 (GCVE-0-2026-14775)

    Vulnerability from cvelistv5 – Published: 2026-07-05 22:45 – Updated: 2026-07-07 02:54 X_Freeware
    VLAI
    Title
    SourceCodester Onlne Examination & Learning Management System process_lesson.php unrestricted upload
    Summary
    A vulnerability was identified in SourceCodester Onlne Examination & Learning Management System 1.0. Affected is an unknown function of the file /process_lesson.php. Such manipulation of the argument user_id leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly available and might be used. The name of the affected product appears to have a typo in it.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    References
    Impacted products
    Vendor Product Version
    SourceCodester Onlne Examination & Learning Management System Affected: 1.0
        cpe:2.3:a:sourcecodester:onlne_examination_learning_management_system:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Fklov (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-14775",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-07T02:54:38.833725Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-07T02:54:51.798Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "cpes": [
                "cpe:2.3:a:sourcecodester:onlne_examination_learning_management_system:*:*:*:*:*:*:*:*"
              ],
              "product": "Onlne Examination \u0026 Learning Management System",
              "vendor": "SourceCodester",
              "versions": [
                {
                  "status": "affected",
                  "version": "1.0"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "reporter",
              "value": "Fklov (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability was identified in SourceCodester Onlne Examination \u0026 Learning Management System 1.0. Affected is an unknown function of the file /process_lesson.php. Such manipulation of the argument user_id leads to unrestricted upload. The attack may be launched remotely. The exploit is publicly available and might be used. The name of the affected product appears to have a typo in it."
            }
          ],
          "metrics": [
            {
              "cvssV4_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
                "version": "4.0"
              }
            },
            {
              "cvssV3_1": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 6.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 6.5,
                "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-434",
                  "description": "Unrestricted Upload",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "Improper Access Controls",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-05T22:45:09.190Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "name": "VDB-376365 | SourceCodester Onlne Examination \u0026 Learning Management System process_lesson.php unrestricted upload",
              "tags": [
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://vuldb.com/vuln/376365"
            },
            {
              "name": "VDB-376365 | CTI Indicators (IOB, IOC, TTP, IOA)",
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/vuln/376365/cti"
            },
            {
              "name": "CVE-2026-14775 | CVE Analysis and Report",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/cve/CVE-2026-14775"
            },
            {
              "name": "Submit #850677 | SourceCodester Online Examination \u0026 Learning Management System 1.0 Unrestricted Upload",
              "tags": [
                "third-party-advisory"
              ],
              "url": "https://vuldb.com/submit/850677"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://github.com/nuiifornet/A033/blob/main/OE-LMS-RCE-1-process_lesson.md"
            },
            {
              "tags": [
                "product"
              ],
              "url": "https://www.sourcecodester.com/"
            }
          ],
          "tags": [
            "x_freeware"
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2026-07-05T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2026-07-05T02:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2026-07-05T06:13:25.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "SourceCodester Onlne Examination \u0026 Learning Management System process_lesson.php unrestricted upload"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2026-14775",
        "datePublished": "2026-07-05T22:45:09.190Z",
        "dateReserved": "2026-07-05T04:08:13.179Z",
        "dateUpdated": "2026-07-07T02:54:51.798Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }