Amorsec/CVE-PHP

Releases0

Detected vulnerabilities in php projects.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2026-36235 ↗	Apr 10, 2026Friday, 10 April 2026, 15:16	9.8 CRITICAL	—
A SQL injection vulnerability was found in the scheduleSubList.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'subjcode' parameter is directly embedded into the SQL query via string interpolation without any sanitization or validation.
CVE-2026-36236 ↗	Apr 10, 2026Friday, 10 April 2026, 15:16	9.8 CRITICAL	—
SourceCodester Engineers Online Portal v1.0 is vulnerable to SQL Injection in update_password.php via the new_password parameter.
CVE-2026-36232 ↗	Apr 10, 2026Friday, 10 April 2026, 15:16	9.8 CRITICAL	—
A SQL injection vulnerability was found in the instructorClasses.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that the 'classId' parameter from $_GET['classId'] is directly concatenated into the SQL query without any sanitization or validation.
CVE-2026-36233 ↗	Apr 10, 2026Friday, 10 April 2026, 15:16	9.8 CRITICAL	—
A SQL injection vulnerability was found in the assignInstructorSubjects.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that attackers can inject malicious code via the parameter "subjcode" and use it directly in SQL queries without the need for appropriate cleaning or validation.
CVE-2026-36234 ↗	Apr 10, 2026Friday, 10 April 2026, 15:16	9.8 CRITICAL	—
itsourcecode Online Student Enrollment System v1.0 is vulnerable to SQL Injection in newCourse.php via the 'coursename' parameter.