Chaste

#7148of 53,624
38.2Total CVSS
Vulnerabilities · 4
High
1
Critical
3
PT-2025-50721
9.8
2025-12-11
Code Projects · Class/Exam Timetable Management · CVE-2025-14536
**Name of the Vulnerable Software and Affected Versions** code-projects Class and Exam Timetable Management version 1.0 **Description** A SQL injection flaw exists in the Login component within the '/index.php' file. This issue allows remote attackers to execute arbitrary SQL commands by manipulating the `username` and `password` arguments. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-50727
9.8
2025-12-11
Unknown · Code-Projects Class/Exam Timetable Management · CVE-2025-14537
**Name of the Vulnerable Software and Affected Versions** code-projects Class and Exam Timetable Management version 1.0 **Description** A weakness exists in code-projects Class and Exam Timetable Management 1.0. The issue is related to some unknown functionality within the `/preview7.php` file. Manipulation of the `course year section/semester` argument can lead to SQL injection. Remote exploitation is possible. The exploit has been made publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-49516
9.8
2025-12-08
Unknown · Simple Leave Manager · CVE-2025-14223
**Name of the Vulnerable Software and Affected Versions** Simple Leave Manager version 1.0 **Description** A flaw exists in an unspecified functionality of the `/request.php` file that allows for SQL injection. Manipulating the `staff id` argument can trigger this issue, and the attack can be initiated remotely. The exploit for this issue has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-49547
8.8
2025-12-08
Code Projects · Daily Time Recording System · CVE-2025-14230
**Name of the Vulnerable Software and Affected Versions** code-projects Daily Time Recording System version 4.5.0 **Description** A SQL injection issue exists in code-projects Daily Time Recording System version 4.5.0. The issue is located in the `/admin/add payroll.php` file, specifically through manipulation of the `detail Id` argument to an unknown function. This allows for remote attacks, and an exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.