Student Information System Security Vulnerabilities

CVE-2024-5381

A vulnerability classified as critical was found in itsourcecode Student Information Management System 1.0. Affected by this vulnerability is an unknown functionality of the file view.php. The manipulation of the argument studentId leads to sql injection. The attack can be launched remotely. The...

CVE-2024-0497

A vulnerability was found in Campcodes Student Information System 1.0. It has been classified as critical. Affected is an unknown function of the file /classes/Users.php?f=save. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The...

CVE-2023-5010

Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursecode' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the...

CVE-2023-5011

Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursename' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the...

CVE-2023-5007

Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'id' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the...

CVE-2023-5008

Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'regno' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login...

CVE-2023-4122

Student Information System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'photo' parameter of my-profile page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the...

CVE-2023-5929

A vulnerability was found in Campcodes Simple Student Information System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/students/manage_academic.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public...

CVE-2023-5930

A vulnerability was found in Campcodes Simple Student Information System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/students/manage_academic.php. The manipulation of the argument student_id leads to cross site scripting. The attack can be...

CVE-2023-5925

A vulnerability, which was classified as critical, has been found in Campcodes Simple Student Information System 1.0. This issue affects some unknown processing of the file /classes/Master.php. The manipulation of the argument f leads to sql injection. The exploit has been disclosed to the public.....

CVE-2023-5926

A vulnerability, which was classified as critical, was found in Campcodes Simple Student Information System 1.0. Affected is an unknown function of the file /admin/students/update_status.php. The manipulation of the argument student_id leads to sql injection. The exploit has been disclosed to the.....

CVE-2023-5927

A vulnerability has been found in Campcodes Simple Student Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/courses/manage_course.php. The manipulation of the argument id leads to sql injection. The exploit has been...

CVE-2023-5928

A vulnerability was found in Campcodes Simple Student Information System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/departments/manage_department.php. The manipulation of the argument id leads to sql injection. The exploit has been...

CVE-2023-5923

A vulnerability classified as critical has been found in Campcodes Simple Student Information System 1.0. This affects an unknown part of the file /admin/index.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The...

CVE-2023-5924

A vulnerability classified as critical was found in Campcodes Simple Student Information System 1.0. This vulnerability affects unknown code of the file /admin/courses/view_course.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may.....

CVE-2023-2425

A vulnerability was found in SourceCodester Simple Student Information System 1.0. It has been classified as problematic. This affects an unknown part of the file /classes/Master.php?f=save_course of the component Add New Course. The manipulation of the argument name with the input...

CVE-2023-1726

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Proliz OBS allows Stored XSS for an authenticated user.This issue affects OBS: before...

CVE-2021-44197

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in UBIT Information Technologies Student Information Management System.This issue affects Student Information Management System: before...

CVE-2021-44196

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in UBIT Information Technologies Student Information Management System.This issue affects Student Information Management System: before...

CVE-2022-2808

Authorization Bypass Through User-Controlled Key vulnerability in Algan Software Prens Student Information System allows Object Relational Mapping Injection.This issue affects Prens Student Information System: before...

CVE-2022-2807

SQL Injection vulnerability in Algan Software Prens Student Information System allows SQL Injection.This issue affects Prens Student Information System: before...

CVE-2022-2797

A vulnerability classified as critical was found in SourceCodester Student Information System. Affected by this vulnerability is an unknown functionality of the file /admin/students/view_student.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely....

CVE-2022-2722

A vulnerability was found in SourceCodester Simple Student Information System and classified as critical. This issue affects some unknown processing of the file manage_course.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been....

CVE-2022-2705

A vulnerability was found in SourceCodester Simple Student Information System. It has been rated as critical. This issue affects some unknown processing of the file admin/departments/manage_department.php. The manipulation of the argument id with the input...

CVE-2022-34550

Sims v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /addNotifyServlet. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the notifyInfo...

CVE-2022-1819

A vulnerability, which was classified as problematic, was found in Student Information System 1.0. Affected is admin/?page=students of the Student Roll module. The manipulation with the input alert(1) leads to authenticated cross site scripting. Exploit details have been disclosed to the...

CVE-2022-24231

Simple Student Information System v1.0 was discovered to contain a SQL injection vulnerability via...

CVE-2020-13278

Reflected Cross-Site Scripting vulnerability in Modules.php in RosarioSIS Student Information System < 6.5.1 allows remote attackers to execute arbitrary web script via embedding javascript or HTML tags in a GET...

CVE-2014-1454

Pearson eSIS (Enterprise Student Information System) message board has stored XSS due to improper validation of user...

CVE-2014-1455

SQL injection vulnerability in the password reset functionality in Pearson eSIS Enterprise Student Information System, possibly 3.3.0.13 and earlier, allows remote attackers to execute arbitrary SQL commands via the new...

CVE-2014-1942

Cross-site scripting (XSS) vulnerability in aal/loginverification.aspx in Pearson eSIS Enterprise Student Information System allows remote attackers to inject arbitrary web script or HTML via unspecified...

CVE-2008-1548

Multiple cross-site scripting (XSS) vulnerabilities in Aeries Browser Interface (ABI) 3.8.3.14 in Eagle Software Aries Student Information System allow remote attackers to inject arbitrary web script or HTML via the (1) UserName parameter to loginproc.asp and the (2) usr parameter to...

CVE-2008-1549

Multiple SQL injection vulnerabilities in Aeries Browser Interface (ABI) 3.8.3.14 in Eagle Software Aries Student Information System allow remote attackers to execute arbitrary SQL commands via the (1) GrdBk parameter to GradebookOptions.asp and the (2) SchlCode variable to loginproc.asp, a...

CVE-2008-0941

Cross-site scripting (XSS) vulnerability in Eagle Software Aeries Browser Interface (ABI) 3.8.2.8 allows remote authenticated users to inject arbitrary web script or HTML via an...

CVE-2008-0942

SQL injection vulnerability in GradebookStuScores.asp in Eagle Software Aeries Browser Interface (ABI) 3.8.2.8 allows remote attackers to execute arbitrary SQL commands via the GrdBk...

CVE-2008-0943

Multiple SQL injection vulnerabilities in Eagle Software Aeries Browser Interface (ABI) 3.7.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) FC parameter to Comments.asp, or the Term parameter to (2) Labels.asp or (3)...