2 matches found
CVE-2018-25201
The CVE-2018-25201 entry concerns the School Management System CMS 1.0. The connected sources confirm an SQL injection vulnerability in the admin login, exploitable via the username parameter on the processlogin endpoint to bypass authentication and log in as an administrator without valid creden...
CVE-2018-25201 School Management System CMS 1.0 Admin Login SQL Injection
School Management System CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious payloads using boolean-based blind SQL injection techniques...