College Management System v1.0 - Authenticated remote code execution. An admin user (the authentication can be bypassed using SQL Injection that mentioned in my other report) can upload .php file that contains malicious code via student.php...
7.2CVSS
7.7AI Score
0.001EPSS
College Management System v1.0 - SQL Injection (SQLi). By inserting SQL commands to the username and password fields in the login.php...
9.8CVSS
10AI Score
0.001EPSS
College Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via /College/admin/teacher.php. This vulnerability is exploited via a crafted PHP...
8.8CVSS
8.9AI Score
0.006EPSS
7.2CVSS
7.3AI Score
0.001EPSS
College Management System v1.0 was discovered to contain a SQL injection vulnerability via the course_code...
8.8CVSS
8.8AI Score
0.596EPSS
A cross-site scripting (XSS) vulnerability in College Website Content Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the User Profile Name text...
5.4CVSS
5.2AI Score
0.001EPSS