Carmelo Security Vulnerabilities (CVEs)
Track 64 security vulnerabilities affecting Carmelo products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
CVE-2026-2158 is a SQL injection vulnerability in code-projects Student Web Portal 1.0 that allows remote attackers to execute arbitrary SQL commands ...
Feb 8, 2026Computer Book Store 1.0 contains an unrestricted file upload vulnerability in admin_add.php that allows attackers to upload malicious files. This can ...
Jan 27, 2026This CVE describes a SQL injection vulnerability in code-projects Intern Membership Management System 1.0. Attackers can exploit the activity_id param...
Jan 11, 2026This SQL injection vulnerability in Intern Membership Management System 1.0 allows attackers to manipulate database queries through the Username param...
Jan 8, 2026This SQL injection vulnerability in Intern Membership Management System 1.0 allows attackers to manipulate database queries through the activity_id pa...
Jan 8, 2026This SQL injection vulnerability in Intern Membership Management System 1.0 allows attackers to execute arbitrary SQL commands through the Username pa...
Jan 8, 2026This SQL injection vulnerability in Intern Membership Management System 1.0 allows remote attackers to manipulate database queries via the admin_id pa...
Jan 8, 2026This CVE describes a SQL injection vulnerability in code-projects Intern Membership Management System 1.0. Attackers can remotely exploit the /intern/...
Jan 8, 2026CVE-2025-15243 is an SQL injection vulnerability in Simple Stock System 1.0's login.php file that allows remote attackers to execute arbitrary SQL com...
Dec 30, 2025This SQL injection vulnerability in Simple Stock System 1.0 allows remote attackers to execute arbitrary SQL commands via the 'uname' parameter in /lo...
Dec 22, 2025CVE-2025-14968 is an SQL injection vulnerability in Simple Stock System 1.0 that allows remote attackers to execute arbitrary SQL commands via the ema...
Dec 19, 2025CVE-2025-14959 is an SQL injection vulnerability in Simple Stock System 1.0 that allows remote attackers to execute arbitrary SQL commands through the...
Dec 19, 2025CVE-2025-14834 is an SQL injection vulnerability in Simple Stock System 1.0 that allows attackers to manipulate database queries via the Username para...
Dec 17, 2025CVE-2025-14647 is a SQL injection vulnerability in Computer Book Store 1.0 that allows remote attackers to execute arbitrary SQL commands via the 'boo...
Dec 14, 2025CVE-2025-14642 is an unrestricted file upload vulnerability in Computer Laboratory System 1.0 that allows remote attackers to upload malicious files v...
Dec 14, 2025CVE-2025-14641 is an unrestricted file upload vulnerability in Computer Laboratory System 1.0's admin/admin_pic.php file. Attackers can remotely uploa...
Dec 14, 2025This vulnerability allows remote attackers to execute arbitrary SQL commands via the 'keyname' parameter in the /admin/search1.php file of Prison Mana...
Dec 13, 2025This CVE describes a SQL injection vulnerability in code-projects Prison Management System 2.0 affecting the /admin/search.php file. Attackers can man...
Dec 13, 2025This SQL injection vulnerability in Daily Time Recording System 4.5.0 allows attackers to manipulate database queries through the detail_Id parameter ...
Dec 8, 2025CVE-2025-14223 is an SQL injection vulnerability in Simple Leave Manager 1.0 that allows attackers to manipulate database queries through the staff_id...
Dec 8, 2025This SQL injection vulnerability in code-projects Question Paper Generator allows attackers to manipulate database queries through the 'subid' paramet...
Dec 7, 2025This vulnerability allows remote attackers to execute SQL injection attacks against Question Paper Generator 1.0 by manipulating the Fname parameter i...
Nov 24, 2025This SQL injection vulnerability in Simple Pizza Ordering System 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter in...
Nov 18, 2025This SQL injection vulnerability in code-projects Online Event Judging System 1.0 allows attackers to manipulate database queries through the judge_id...
Oct 27, 2025This SQL injection vulnerability in code-projects Online Event Judging System 1.0 allows attackers to manipulate database queries via the contestant_i...
Oct 27, 2025CVE-2025-12255 is an SQL injection vulnerability in code-projects Online Event Judging System 1.0 affecting the /add_contestant.php file. Attackers ca...
Oct 27, 2025This SQL injection vulnerability in Online Event Judging System 1.0 allows attackers to execute arbitrary SQL commands through the content parameter i...
Oct 27, 2025CVE-2025-60307 is a critical SQL injection vulnerability in code-projects Computer Laboratory System 1.0 that allows authentication bypass via a unive...
Oct 10, 2025This SQL injection vulnerability in Student Result Manager 1.0 allows remote attackers to execute arbitrary SQL commands by manipulating roll, name, o...
Oct 9, 2025CVE-2025-56280 is a cross-site scripting (XSS) vulnerability in code-projects Food Ordering Review System 1.0 that allows attackers to inject maliciou...
Sep 16, 2025Computer Laboratory System 1.0 has an unrestricted file upload vulnerability that allows authenticated staff users to upload PHP backdoor files throug...
Sep 16, 2025This XSS vulnerability in code-projects Food Ordering Review System 1.0 allows attackers to inject malicious JavaScript via the registration username ...
Sep 16, 2025This SQL injection vulnerability in code-projects Online Event Judging System 1.0 allows attackers to manipulate database queries through the txtsearc...
Sep 8, 2025CVE-2025-10102 is a SQL injection vulnerability in code-projects Online Event Judging System 1.0 that allows remote attackers to execute arbitrary SQL...
Sep 8, 2025This SQL injection vulnerability in code-projects Online Event Judging System 1.0 allows attackers to manipulate database queries through the fname pa...
Aug 29, 2025This critical SQL injection vulnerability in Intern Membership Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the...
Aug 3, 2025This critical SQL injection vulnerability in Intern Membership Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the...
Aug 2, 2025This vulnerability allows attackers to inject malicious scripts via the email parameter in the fill_details.php file of Intern Membership Management S...
Jul 31, 2025A critical SQL injection vulnerability exists in the Church Donation System 1.0, specifically in the admin login page. Attackers can manipulate the Us...
Jul 25, 2025This critical SQL injection vulnerability in Food Review System 1.0 allows remote attackers to execute arbitrary SQL commands via the 'occasion' param...
Jul 25, 2025A critical SQL injection vulnerability exists in Church Donation System 1.0 where the fname parameter in /members/edit_Members.php is not properly san...
Jul 21, 2025This critical SQL injection vulnerability in Church Donation System 1.0 allows remote attackers to execute arbitrary SQL commands via the 'firstname' ...
Jul 21, 2025A critical SQL injection vulnerability exists in the Church Donation System 1.0's admin login page. Attackers can manipulate the Username parameter to...
Jul 20, 2025This critical SQL injection vulnerability in Church Donation System 1.0 allows attackers to manipulate database queries through the Amount parameter i...
Jul 19, 2025A critical SQL injection vulnerability in Church Donation System 1.0 allows remote attackers to execute arbitrary SQL commands via the trcode paramete...
Jul 19, 2025This critical SQL injection vulnerability in Church Donation System 1.0 allows attackers to execute arbitrary SQL commands via the Username parameter ...
Jul 19, 2025A critical SQL injection vulnerability in code-projects Food Ordering Review System 1.0 allows remote attackers to execute arbitrary SQL commands via ...
Jul 18, 2025This critical SQL injection vulnerability in Staff Audit System 1.0 allows attackers to execute arbitrary SQL commands through the User parameter in /...
Jul 8, 2025CVE-2025-6938 is a critical SQL injection vulnerability in Simple Pizza Ordering System 1.0 that allows remote attackers to execute arbitrary SQL comm...
Jul 1, 2025CVE-2025-6936 is a critical SQL injection vulnerability in Simple Pizza Ordering System 1.0 that allows remote attackers to execute arbitrary SQL comm...
Jul 1, 2025Why Monitor Carmelo Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 64+ known vulnerabilities affecting Carmelo products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Carmelo packages in under 60 seconds. No agents required - completely agentless scanning that works across Carmelo deployments.
Free vulnerability database: Access detailed information about every Carmelo CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Carmelo CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions
