A vulnerability was found in code-projects Agro-School Management System 1.0 and classified as critical. This issue affects some unknown processing of the file btn_functions.php of the component Attachment Image Handler. The manipulation leads to unrestricted upload. The attack may be initiated...
CVSS 9.8, AI Score 9.4, EPSS 0.001
A vulnerability classified as critical was found in SourceCodester School Dormitory Management System 1.0. Affected by this vulnerability is an unknown functionality of the component Admin Login. The manipulation leads to sql injection. The attack can be launched remotely. The associated...
CVSS 9.8, AI Score 9.8, EPSS 0.002
SQL injection in School Management System 1.0 allows remote attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL...
CVSS 9.8, AI Score 9.8, EPSS 0.001
Advanced School Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the address parameter at...
CVSS 4.8, AI Score 5, EPSS 0.001
Advanced School Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component ip/school/moudel/update_subject.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Edit Subject text.....
CVSS 4.8, AI Score 5, EPSS 0.001
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via the grade parameter at...
CVSS 8.8, AI Score 9, EPSS 0.001
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via the grade parameter at...
CVSS 8.8, AI Score 9, EPSS 0.001
Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Firtstname parameter to the Update Account form in...
CVSS 6.1, AI Score 5.9, EPSS 0.001
Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Lastname parameter to the Update Account form in...
CVSS 5.4, AI Score 5.2, EPSS 0.001
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via...
CVSS 7.2, AI Score 7.3, EPSS 0.001
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via...
CVSS 7.2, AI Score 7.3, EPSS 0.001
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via...
CVSS 7.2, AI Score 7.3, EPSS 0.001
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via...
CVSS 7.2, AI Score 7.3, EPSS 0.001
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via...
CVSS 7.2, AI Score 7.3, EPSS 0.001
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via...
CVSS 7.2, AI Score 7.3, EPSS 0.001
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via...
CVSS 7.2, AI Score 7.3, EPSS 0.001
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via...
CVSS 7.2, AI Score 7.3, EPSS 0.001
itsourcecode Advanced School Management System v1.0 is vulnerable to Arbitrary code execution via...
CVSS 7.2, AI Score 7.2, EPSS 0.001
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via...
CVSS 7.2, AI Score 7.3, EPSS 0.001
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via...
CVSS 7.2, AI Score 7.3, EPSS 0.001
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via...
CVSS 7.2, AI Score 7.3, EPSS 0.001
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via...
CVSS 7.2, AI Score 7.3, EPSS 0.001
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via...
CVSS 7.2, AI Score 7.3, EPSS 0.001
CVSS 9.8, AI Score 9.8, EPSS 0.002
School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via...
CVSS 6.1, AI Score 5.9, EPSS 0.001
CVSS 9.8, AI Score 9.8, EPSS 0.002
CVSS 9.8, AI Score 9.8, EPSS 0.116
School Dormitory Management System v1.0 is vulnerable to reflected cross-site scripting (XSS) via...
CVSS 6.1, AI Score 5.9, EPSS 0.001
School Dormitory Management System v1.0 was discovered to contain a SQL injection vulnerability via the month parameter at...
CVSS 9.8, AI Score 9.8, EPSS 0.002
Car Driving School Management System v1.0 was discovered to contain a SQL injection vulnerability via...
CVSS 9.8, AI Score 9.8, EPSS 0.002
Car Driving School Management System v1.0 was discovered to contain a SQL injection vulnerability via...
CVSS 9.8, AI Score 9.8, EPSS 0.002
Car Driving School Management System v1.0 is affected by Cross Site Scripting (XSS) in the User Enrollment Form (Username Field). To exploit this vulnerability, an admin views the registered user...
CVSS 6.1, AI Score 6, EPSS 0.001
Car Driving School Management System v1.0 is affected by SQL injection in the login page. An attacker can use a simple SQL login injection payload to get admin...
CVSS 9.8, AI Score 9.7, EPSS 0.002
An unrestricted file upload vulnerability exists in Sourcecodester Free school management software 1.0. An attacker can leverage this vulnerability to enable remote code execution on the affected web server. Once a php webshell containing "" gets uploaded it is saved into /uploads/exam_question/...
CVSS 9.8, AI Score 9.6, EPSS 0.02
The School Management System – WPSchoolPress WordPress plugin before 2.1.10 does not properly sanitize or use prepared statements before using POST variables in SQL queries, leading to SQL injection in multiple actions available to various authenticated users, from simple subscribers/students to...
CVSS 8.8, AI Score 8.9, EPSS 0.001
The School Management System – WPSchoolPress WordPress plugin before 2.1.17 sanitises some fields using sanitize_text_field() but does not escape them before outputting in attributes, resulting in Stored Cross-Site Scripting...
CVSS 4.8, AI Score 4.8, EPSS 0.001
CVSS 9.8, AI Score 9.4, EPSS 0.073
CVSS 8.8, AI Score 8.7, EPSS 0.002
School Event Management System 1.0 has SQL Injection via the student/index.php or event/index.php id...
CVSS 9.8, AI Score 9.9, EPSS 0.003
/view/friend_profile.php in Ingenious School Management System 2.3.0 is vulnerable to Boolean-based and Time-based SQL injection in the 'friend_index' parameter of a GET...
CVSS 9.8, AI Score 9.7, EPSS 0.004
my_profile.php in Ingenious School Management System 2.3.0 allows a student or teacher to upload an arbitrary...
CVSS 8.8, AI Score 8.6, EPSS 0.006
CVSS 8.8, AI Score 9.1, EPSS 0.001
Multiple cross-site request forgery (CSRF) vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to hijack the authentication of (1) administrators for requests that change the administrator password via an update action to sw/admin_change_password.php or (2)...
AI Score 7.7, EPSS 0.01
Multiple cross-site scripting (XSS) vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to inject arbitrary web script or HTML via the (1) topic parameter to sw/add_topic.php or (2) nick parameter to...
AI Score 5.9, EPSS 0.003
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5)...
AI Score 8.9, EPSS 0.003
Command School Student Management System 1.06.01 does not properly restrict access to sw/backup/backup_ray2.php, which allows remote attackers to download a database backup via a direct...
AI Score 6.9, EPSS 0.113
Cross-site scripting (XSS) vulnerability in default.asp in Caloris Planitia E-School Management System 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg...
AI Score 5.7, EPSS 0.004