Sourcecodester Vulnerabilities

Timeline

The analysis of the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance. Initiating immediate vulnerability response and prioritizing of issues is possible.

Type

The moderation team is working with the threat intelligence team to categorize software that is affected by security vulnerabilities. This helps to illustrate the assignment of these categories to determine the most affected software types.

Product

SourceCodester Library Management System34
SourceCodester Prison Management System19
SourceCodester Baby Care System18
SourceCodester Garage Management System17
SourceCodester Attendance and Payroll System17

Grouping vulnerabilities by products helps to get an overview. This makes it possible to determine an homogeneous landscape or the most important hotspots in heterogeneous landscapes.

Remediation

Official Fix2
Temporary Fix0
Workaround0
Unavailable0
Not Defined545

Vendors and researchers are eager to find countermeasures to mitigate security vulnerabilities. These can be distinguished between multiple forms and levels of remediation which influence risks differently.

Exploitability

High0
Functional1
Proof-of-Concept308
Unproven0
Not Defined238

Researcher and attacker which are looking for security vulnerabilities try to exploit them for academic purposes or personal gain. The level and quality of exploitability can be distinguished to determine simplicity and strength of attacks.

Access Vector

Not Defined0
Physical0
Local2
Adjacent25
Network520

The approach a vulnerability it becomes important to use the expected access vector. This is typically via the network, local, or physically even.

Authentication

Not Defined0
High22
Low443
None82

To exploit a vulnerability a certail level of authentication might be required. Vulnerabilities without such a requirement are much more popular.

User Interaction

Not Defined0
Required160
None387

Some attack scenarios require some user interaction by a victim. This is typical for phishing, social engineering and cross site scripting attacks.

C3BM Index

Our unique C3BM Index (CVSSv3 Base Meta Index) cumulates the CVSSv3 Meta Base Scores of all entries over time. Comparing this index to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

CVSSv3 Base

≤10
≤20
≤35
≤468
≤593
≤633
≤7158
≤8164
≤926
≤100

The Common Vulnerability Scoring System (CVSS) is an industry standard to define the characteristics and impacts of security vulnerabilities. The base score represents the intrinsic aspects that are constant over time and across user environments. Our unique meta score merges all available scores from different sources to aggregate to the most reliable result.

CVSSv3 Temp

≤10
≤20
≤35
≤491
≤571
≤695
≤7135
≤8136
≤914
≤100

The Common Vulnerability Scoring System (CVSS) uses temp scores to reflect the characteristics of a vulnerability that may change over time but not across user environments. This includes reporting confidence, exploitability and remediation levels. We do also provide our unique meta score for temp scores, even though other sources rarely publish them.

VulDB

≤10
≤20
≤313
≤4130
≤540
≤633
≤7278
≤853
≤90
≤100

The moderation team is always defining the base vector and base score for an entry. These and all other available scores are used to generate the meta score.

NVD

≤10
≤20
≤30
≤40
≤517
≤641
≤737
≤818
≤965
≤10112

The National Vulnerability Database (NVD) is also defining CVSS vectors and scores. These are usually not complete and might differ from VulDB scores.

CNA

≤10
≤20
≤39
≤436
≤517
≤64
≤761
≤812
≤90
≤100

A CVE Numbering Authority (CNA) is responsible for assigning new CVE entries. They might also include a CVSS score. These are usually not complete and might differ from VulDB scores.

Vendor

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

Some vendors are willing to publish their own CVSS vectors and scores for vulnerabilities in their products. The coverage varies from vendor to vendor.

Research

≤10
≤20
≤30
≤40
≤50
≤60
≤70
≤80
≤90
≤100

There are sometimes also security researcher which provide their own CVSS vectors and scores for vulnerabilities they have found and published.

Exploit 0-day

<1k150
<2k296
<5k101
<10k0
<25k0
<50k0
<100k0
≥100k0

The moderation team is working with the threat intelligence team to determine prices for exploits. Our unique algorithm is used to identify the 0-day prices for an exploit, before it got distributed or became public. Calculated prices are aligned to prices disclosed by vulnerability broker and compared to prices we see on exploit markets.

Exploit Today

<1k379
<2k168
<5k0
<10k0
<25k0
<50k0
<100k0
≥100k0

The 0-day prices do not consider time-relevant factors. The today price does reflect price impacts like disclosure of vulnerability details, alternative exploits, availability of countermeasures. These dynamic aspects might decrease the exploit prices over time. Under certain circumstances this happens very fast.

Exploit Market Volume

Our unique calculation of exploit prices makes it possible to forecast the expected exploit market volume. The calculated prices for all possible 0-day expoits are cumulated for this task. Comparing the volume to the amount of disclosed vulnerabilities helps to pinpoint the most important events.

🔴 CTI Activities

Our unique Cyber Threat Intelligence aims to determine the ongoing research of actors to anticipiate their acitivities. Observing exploit markets on the Darknet, discussions of vulnerabilities on mailinglists, and exchanges on social media makes it possible to identify planned attacks. Monitored actors and activities are classified whether they are offensive or defensive. They are also weighted as some actors are well-known for certain products and technologies. And some of their disclosures might contain more or less details about technical aspects and personal context. The world map highlights active actors in real-time.

Affected Products (186): Alphaware Simple E-Commerce System (2), Alumni Management System (6), Apartment Visitor Management System (4), Attendance Management System (2), Attendance and Payroll System (17), Automated Beer Parlour Billing System (1), Baby Care System (18), Bank Management System (2), Banking System (1), Basic Shopping Cart (1), Best Fee Management System (1), Billing System Project (3), Blood Bank Management System (2), Book Store Management System (5), Booking System (1), Budget Management System (1), Budget and Expense Tracker System (2), COVID 19 Testing Management System (1), Canteen Management System (10), Car Rental Management System (2), Cashier Queuing System (3), Church Management System (2), Clinics Patient Management System (4), College Website Management System (1), Company Website CMS (9), Complaint Management System (1), Computer and Mobile Repair Shop Management System (1), Content Management System (1), Covid-19 Directory on Vaccination (2), Customer Relationship Management (2), Daily Tracker System (2), Doctor's Appointment System (1), Doctor Appointment System (1), Doctors Appointment System (1), Dynamic Transaction Queuing System (1), E-Commerce Website (4), E-Negosyo System (2), Electric Billing Management System (1), Electronic Medical Records System (2), Employee Daily Task Management System (1), Employee Management System (4), Employee and Visitor Gate Pass Logging System (1), Engineers Online Portal (1), Engineers Online Portal in PHP (7), Equipment Inventory System (1), Event Registration App (1), Event Registration System (2), Expense Management System (1), Fantastic-Blog-CMS (1), Fantastic Blog CMS (1), Food Ordering Management System (1), Free School Management Software (1), Gadget Works Online Ordering System (1), Garage Management System (17), Gas Agency Management System (2), Guest Management System (4), Gym Management System (13), Hospital Patient Record Management System (1), Hospitals Patient Records Management System (1), Hotel (1), Hotel Management System (3), Hotel and Lodge Management System (1), House Rental and Property Listing (1), Human Resource Management System (12), Ingredient Stock Management System (2), Interview Management System (2), Invoice System (1), Lead Management System (8), Learning Management System (1), Library Management System (34), Loan Management System (4), Lodge Management System (1), Lodging Reservation Management System (1), Logistic Hub Parcel's Management System (1), Management System (4), Medical Hub Directory Site (1), Messaging Web Application (1), Microfinance Management System (3), Mobile Shop System in PHP MySQL (1), Money Transfer Management System (1), Multi Language Hotel Management Software (2), Multi Restaurant Table Reservation System (6), News247 CMS (1), News247 News Magazine (1), One Church Management System (3), Online Admission System (4), Online Bike Rental (1), Online Bus Booking System (1), Online Catering Reservation System (1), Online Class and Exam Scheduling System (2), Online Clothing Store (3), Online Course Registration (2), Online Covid-19 Directory on Vaccination System (1), Online Covid Vaccination Scheduler System (4), Online Diagnostic Lab Management System (5), Online Discussion Forum Site (3), Online Employee Leave Management System (1), Online Enrollment Management System in PHP (2), Online Event Booking and Reservation System (3), Online Flight Booking Management System (3), Online Food Ordering System (8), Online Grading System (3), Online Health Care System (1), Online Learning System (2), Online Leave Management System (1), Online Market Place Site (2), Online Medicine Ordering System (2), Online Payment Hub (1), Online Project Time Management System (3), Online Railway Reservation Sysytem (1), Online Resort Management System (1), Online Reviewer System (2), Online Shopping Alphaware (2), Online Student Admission System (1), Online Thesis Archiving System (1), Online Tours & Travels Management System (1), OpenOlat (1), Ordering System (1), PHP CRUD Tutorial (1), Password Storage Application (1), Patient Appointment Scheduler System (1), Phone Shop Sales Management System (1), Phone Shop Sales Managements System (3), Pisay Online E-Learning System (1), Printable Staff ID Card Creator System (1), Prison Management System (19), Product Show Room Site (2), Purchase Order Management System (5), Rescue Dispatch Management System (2), Responsive Online Blog (1), Responsive Ordering System (1), Royale Event Management System (2), SCBS Online Sports Venue Reservation System (2), Sales and Inventory System (1), Sanitization Management System (12), School Activity Updates with SMS Notification (1), School Dormitory Management System (6), School File Management System (2), Seat Reservation System (2), Simple Cashiering System (2), Simple Chatbot Application (2), Simple Client Management System (6), Simple Cold Storage Management System (8), Simple College Website (2), Simple E-Learning System (9), Simple Food Ordering System (1), Simple Food Website (2), Simple Grocery Store Sales and Inventory System (1), Simple Library Management System (2), Simple Membership System (1), Simple Music Clour Community System (1), Simple Online Book Store (1), Simple Online Book Store System (5), Simple Online Public Access Catalog (1), Simple Parking Management System (2), Simple Sales Management System (1), Simple Social Networking Site (4), Simple Student Information System (2), Simple Subscription Website (4), Simple Task Managing System (7), Simple Water Refilling Station Management System (2), Simple and Nice Shopping Cart Script (3), Simple e-Learning System (1), South Gate Inn Online Reservation System (2), Stock Management System (4), Stock Management System in PHP OOP (1), Storage Unit Rental Management System (2), Student Attendance Management System (1), Student Information System (1), Student Management System (2), Student Quarterly Grading System (1), Student Result Management System (1), Tailor Management (1), Tailor Management System (1), Theme Park Ticketing System (3), Tourism Management System (2), Train Scheduler App (1), Travel Management System (2), Try My Recipe (2), Vehicle Parking Management System (3), Vehicle Service Management System (14), Water Billing System (2), Web-Based Student Clearance System (4), Wedding Hall Booking System (4), Zoo Management System (4), eLearning System (1)

PublishedBaseTempVulnerabilityProdExpRemCTIEPSSCVE
01/17/20237.36.6SourceCodester Online Food Ordering System manage_user.php sql injectionUnknownProof-of-ConceptNot Defined1.130.00954CVE-2023-0332
01/16/20237.36.6SourceCodester Online Tours & Travels Management System page-login.php sql injectionUnknownProof-of-ConceptNot Defined0.420.00954CVE-2023-0324
01/15/20236.35.7SourceCodester Online Food Ordering System Login Module admin_class.php sql injectionUnknownProof-of-ConceptNot Defined0.000.05372CVE-2023-0305
01/15/20236.35.7SourceCodester Online Food Ordering System Signup Module admin_class.php sql injectionUnknownProof-of-ConceptNot Defined0.420.05372CVE-2023-0304
01/15/20236.35.7SourceCodester Online Food Ordering System view_prod.php sql injectionUnknownProof-of-ConceptNot Defined0.000.05372CVE-2023-0303
01/13/20236.35.7SourceCodester Online Flight Booking Management System POST Parameter review_search.php sql injectionUnknownProof-of-ConceptNot Defined0.000.00954CVE-2023-0283
01/13/20236.35.7SourceCodester Online Flight Booking Management System judge_panel.php sql injectionUnknownProof-of-ConceptNot Defined0.070.00954CVE-2023-0281
01/12/20232.42.2SourceCodester Online Food Ordering System Category List cross site scriptingUnknownProof-of-ConceptNot Defined0.000.00885CVE-2023-0258
01/12/20234.74.3SourceCodester Online Food Ordering System Menu Form unrestricted uploadUnknownProof-of-ConceptNot Defined0.140.00885CVE-2023-0257
01/12/20236.35.7SourceCodester Online Food Ordering System Login Page sql injectionUnknownProof-of-ConceptNot Defined0.140.00885CVE-2023-0256
01/12/20236.35.7SourceCodester Online Flight Booking Management System add_contestant.php sql injectionUnknownProof-of-ConceptNot Defined0.140.00890CVE-2023-0245
01/11/20235.55.3SourceCodester Lead Management System removeCategories.php sql injectionUnknownNot DefinedNot Defined0.020.00885CVE-2022-47864
01/11/20235.55.3SourceCodester Lead Management System ajax_represent.php sql injectionUnknownNot DefinedNot Defined0.000.00885CVE-2022-47862
01/11/20235.55.3SourceCodester Lead Management System removeLead.php sql injectionUnknownNot DefinedNot Defined0.020.00885CVE-2022-47861
01/11/20235.55.3SourceCodester Lead Management System removeProduct.php sql injectionUnknownNot DefinedNot Defined0.000.00885CVE-2022-47860
01/11/20235.55.3SourceCodester Lead Management System changePassword.php sql injectionUnknownNot DefinedNot Defined0.060.00885CVE-2022-47859
01/11/20235.55.3SourceCodester Lead Management System removeBrand.php sql injectionUnknownNot DefinedNot Defined0.000.00885CVE-2022-47866
01/11/20235.55.3SourceCodester Lead Management System removeOrder.php sql injectionUnknownNot DefinedNot Defined0.020.00885CVE-2022-47865
01/09/20236.36.1SourceCodester Dynamic Transaction Queuing System sql injectionUnknownNot DefinedNot Defined0.000.00885CVE-2022-47790
01/06/20234.34.2SourceCodester Theme Park Ticketing System manage_user.php information disclosureTicket Tracking SoftwareNot DefinedNot Defined0.140.01055CVE-2022-40049
12/30/20226.36.1SourceCodester Sanitization Management System sql injectionUnknownNot DefinedNot Defined0.040.00885CVE-2022-44137
12/30/20227.36.6SourceCodester Lead Management System login.php sql injectionUnknownProof-of-ConceptNot Defined0.000.12492CVE-2022-4855
12/25/20227.36.6SourceCodester School Dormitory Management System Admin Login sql injectionUnknownProof-of-ConceptNot Defined0.000.00885CVE-2022-4739
12/25/20224.33.9SourceCodester Blood Bank Management System User Registration cross site scriptingBanking SoftwareProof-of-ConceptNot Defined0.140.00885CVE-2022-4738
12/25/20227.36.6SourceCodester Blood Bank Management System login.php sql injectionBanking SoftwareProof-of-ConceptNot Defined0.000.09029CVE-2022-4737

522 more entries are not shown

Might our Artificial Intelligence support you?

Check our Alexa App!