Student Information System Security Vulnerabilities

CVE-2020-13278

Reflected Cross-Site Scripting vulnerability in Modules.php in RosarioSIS Student Information System < 6.5.1 allows remote attackers to execute arbitrary web script by embedding JavaScript or HTML tags in a GET request.

CVSS 6.1, AI Score 6.1, EPSS 0.001

2020-08-12 02:15 PM

CVE-2022-1819

A vulnerability, which was classified as problematic, was found in Student Information System 1.0. Affected is admin/?page=students of the Student Roll module. The manipulation with the input <script>alert(1)</script> leads to authenticated cross-site scripting. Exploit details have bee...

CVSS 4.8, AI Score 4.9, EPSS 0.001

2022-05-24 06:15 AM

CVE-2022-2797

A vulnerability classified as critical was found in SourceCodester Student Information System. Affected by this vulnerability is an unknown functionality of the file /admin/students/view_student.php. The manipulation of the argument id leads to SQL injection. The attack can be launched remotely. Th...

CVSS 9.8, AI Score 9.7, EPSS 0.001

2022-08-12 07:15 PM

CVE-2023-4122

Student Information System v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'photo' parameter of the my-profile page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.

CVSS 9.9, AI Score 8.7, EPSS 0.001

2023-12-07 11:15 PM

CVE-2023-5007

Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'id' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database.

CVSS 9.8, AI Score 9.8, EPSS 0.001

2023-12-20 04:15 PM

CVE-2023-5008

Student Information System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'regno' parameter of the index.php page, allowing an external attacker to dump all the contents of the database and bypass the login control.

CVSS 9.8, AI Score 9.8, EPSS 0.001

2023-12-08 12:15 AM

CVE-2023-5010

Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursecode' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database.

CVSS 9.8, AI Score 9.8, EPSS 0.001

2023-12-20 04:15 PM

CVE-2023-5011

Student Information System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'coursename' parameter of the marks.php resource does not validate the characters received and they are sent unfiltered to the database.

CVSS 9.8, AI Score 9.8, EPSS 0.001

2023-12-20 04:15 PM