Zhengxiang

#6949of 53,632
39.2Total CVSS
Vulnerabilities · 4
Critical
4
PT-2025-39676
9.8
2025-09-26
Unknown · Code-Projects E-Commerce Website · CVE-2025-11036
**Name of the Vulnerable Software and Affected Versions** code-projects E-Commerce Website version 1.0 **Description** A flaw exists in code-projects E-Commerce Website 1.0 that allows for SQL injection. The issue is located in the file `/pages/admin account update.php` and involves manipulation of the `user id` argument. This can be exploited remotely. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-39677
9.8
2025-09-26
Unknown · Code-Projects E-Commerce Website · CVE-2025-11037
**Name of the Vulnerable Software and Affected Versions** code-projects E-Commerce Website version 1.0 **Description** A security flaw exists in code-projects E-Commerce Website 1.0. The issue involves the manipulation of the `Search` argument in the file `/pages/admin index search.php`, leading to a SQL injection. This attack can be initiated remotely. The exploit has been publicly released. The vulnerable component is an unknown function within the specified file. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-38281
9.8
2025-09-17
Sourcecodester · Free Hotel Reservation System · CVE-2025-10621
**Name of the Vulnerable Software and Affected Versions** SourceCodester Hotel Reservation System version 1.0 **Description** A SQL injection issue exists in the `editroomimage.php` file due to manipulation of the `ID` argument. This can be initiated remotely. The exploit has been publicly disclosed. **Recommendations** As a temporary workaround, consider restricting access to the `editroomimage.php` file until a fix is available. Sanitize the `ID` argument before using it in SQL queries.
PT-2025-38284
9.8
2025-09-17
Sourcecodester · Free Hotel Reservation System · CVE-2025-10623
**Name of the Vulnerable Software and Affected Versions** SourceCodester Hotel Reservation System version 1.0 **Description** A SQL injection issue exists in the `deleteuser.php` file due to manipulation of the `ID` argument. This can be exploited remotely. The exploit is publicly available. **Recommendations** As a temporary workaround, consider restricting access to the `deleteuser.php` file until a fix is available. Sanitize the `ID` parameter before using it in any database queries.