27 matches found
CVE-2025-15655
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Mojoomla School Management allows SQL Injection. This issue affects School Management: from n/a through 93.2.0...
CVE-2025-15656
Incorrect Privilege Assignment vulnerability in Mojoomla School Management allows Privilege Escalation. This issue affects School Management: from n/a through 93.2.0...
CVE-2025-15656
Incorrect Privilege Assignment vulnerability in Mojoomla School Management allows Privilege Escalation. This issue affects School Management: from n/a through 93.2.0...
CVE-2025-15655
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Mojoomla School Management allows SQL Injection. This issue affects School Management: from n/a through 93.2.0...
CVE-2025-15656 WordPress School Management plugin <= 93.2.0 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in Mojoomla School Management allows Privilege Escalation. This issue affects School Management: from n/a through 93.2.0...
EUVD-2025-210049
Incorrect Privilege Assignment vulnerability in Mojoomla School Management allows Privilege Escalation. This issue affects School Management: from n/a through 93.2.0...
CVE-2025-15656
CVE-2025-15656 is an Incorrect Privilege Assignment vulnerability affecting the WordPress School Management plugin (the CVE entry and related records list affected scope as WordPress School Management up to version 93.2.0). The underlying issue is privilege escalation via improper privilege assig...
CVE-2025-15656
Incorrect Privilege Assignment vulnerability in Mojoomla School Management allows Privilege Escalation. This issue affects School Management: from n/a through 93.2.0...
EUVD-2025-210048
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Mojoomla School Management allows SQL Injection. This issue affects School Management: from n/a through 93.2.0...
CVE-2025-15655 WordPress School Management plugin <= 93.2.0 - SQL Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Mojoomla School Management allows SQL Injection. This issue affects School Management: from n/a through 93.2.0...
CVE-2025-15655
The CVE-2025-15655 entry pertains to a SQL Injection in the WordPress School Management plugin (
WordPress School Management System plugin <= 93.2.0 - Authenticated (Student+) Arbitrary File Upload vulnerability
Authenticated Student+ Arbitrary File Upload vulnerability discovered by Foxyyy in WordPress Plugin School Management versions = 93.2.0...
EUVD-2025-25776
Malicious code in bioql PyPI...
EUVD-2024-54885
Malicious code in bioql PyPI...
CVE-2025-48108
Missing Authorization vulnerability in Mojoomla School Management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects School Management: from n/a through 93.2.0...
CVE-2025-48108 WordPress School Management Plugin <= 93.2.0 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Mojoomla School Management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects School Management: from n/a through 93.2.0...
CVE-2025-48108
CVE-2025-48108 affects WordPress School Management Plugin
CVE-2025-6079
The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the homework.php file in all versions up to, and including, 93.2.0. This makes it possible for authenticated attackers, with Student-level access and abov...
CVE-2025-6079
The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the homework.php file in all versions up to, and including, 93.2.0. This makes it possible for authenticated attackers, with Student-level access and abov...
CVE-2024-12612
The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via several parameters across multiple AJAX action in all versions up to, and including, 93.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...