Colorado

#9403of 53,619
29.4Total CVSS
Vulnerabilities · 3
Critical
3
PT-2025-15299
9.8
2025-04-07
Sourcecodester · Sourcecodester Web-Based Pharmacy Product Management System · CVE-2025-3383
**Name of the Vulnerable Software and Affected Versions** SourceCodester Web-based Pharmacy Product Management System version 1.0 **Description** A critical issue affects the processing of the file /search/search sales.php, where the manipulation of the `Name` argument leads to SQL injection. The attack can be initiated remotely. **Recommendations** For SourceCodester Web-based Pharmacy Product Management System version 1.0, consider restricting access to the /search/search sales.php file until a patch is available. As a temporary workaround, avoid using the `Name` argument in the affected file to minimize the risk of exploitation.
PT-2025-12540
9.8
2025-03-23
Unknown · Sourcecodester Ac Repair/Services System · CVE-2025-2654
**Name of the Vulnerable Software and Affected Versions** SourceCodester AC Repair and Services System version 1.0 **Description** A critical issue has been found in the system, affecting an unknown part of the file /admin/services/manage service.php. The manipulation of the `ID` argument leads to SQL injection. It is possible to initiate the attack remotely. **Recommendations** For SourceCodester AC Repair and Services System version 1.0, consider restricting access to the `/admin/services/manage service.php` file until a patch is available. As a temporary workaround, avoid using the `ID` argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
PT-2025-12541
9.8
2025-03-23
Sourcecodester · Sourcecodester Ac Repair/Services System · CVE-2025-2655
**Name of the Vulnerable Software and Affected Versions** SourceCodester AC Repair and Services System version 1.0 **Description** A critical issue has been identified, affecting the `save users` function in the `/classes/Users.php` file. The manipulation of the `ID` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** For SourceCodester AC Repair and Services System version 1.0, consider disabling the `save users` function until a patch is available to prevent SQL injection attacks. Restrict access to the `/classes/Users.php` file to minimize the risk of exploitation. Avoid using the `ID` argument in the affected function until the issue is resolved.