21 matches found
Schools Alert Management Script - Arbitrary File Read
Schools Alert Management Script is susceptible to an arbitrary file read vulnerability via the f parameter in img.php, aka absolute path traversal. id: CVE-2018-12054 info: name: Schools Alert Management Script - Arbitrary File Read author: wisnupramoedya severity: high description: Schools Alert...
EUVD-2018-18606
Malware in sbrugna...
Schools Alert Management Script Arbitrary File Upload and Remote Code Execution Vulnerabilities
PHP Scripts Mall Schools Alert Management Script is a school management system script by PHP Scripts Mall India. A security vulnerability exists in PHP Scripts Mall Schools Alert Management Script. The vulnerability can be exploited by remote attackers to upload arbitrary files and execute code v...
Schools Alert Management Script - Arbitrary File Deletion Vulnerability
Exploit for php platform in category web applications Exploit Title: Schools Alert Management Script - Arbitrary File Deletion Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/ Category: Web Application Exploit...
Schools Alert Management Script Arbitrary File Deletion Vulnerability
PHP Scripts Mall Schools Alert Management Script is a school management system script by PHP Scripts Mall India. A security vulnerability exists in PHP Scripts Mall Schools Alert Management Script. The vulnerability can be exploited to delete arbitrary files using the 'img' parameter in the...
Schools Alert Management Script SQL Injection
Exploit Title: Schools Alert Management Script - SQL Injection Date: 2018-06-07 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/ Category: Web Application Exploit Author: M3@Pandas Web:...
Directory traversal
Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in deleteimg.php by using directory traversal...
CVE-2018-12051
Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script via $FILE in /webmasterst/general.php, as demonstrated by a .php file with the image/jpeg content type...
Sql injection
SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in getsec.php...
CVE-2018-12054
Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal...
CVE-2018-12055
CVE-2018-12055 affects PHP Scripts Mall Schools Alert Management Script. The vulnerability is a SQL injection in multiple CGI endpoints (contact_us.php, faq.php, about.php, photo_gallery.php, privacy.php, etc.) triggered by crafted POST data, allowing an attacker to execute arbitrary SQL commands...
Schools Alert Management Script 2.0.2 SQL Injection
Exploit Title: Schools Alert Management Script - 2.0.2 - Authentication Bypass Date: 07.02.2018 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/ Category: Web Application Exploit Author: Prasenjit Kanti Paul We...
CVE-2018-6859
SQL Injection exists in PHP Scripts Mall Schools Alert Management Script 2.0.2 via the Login Parameter...
CVE-2018-6859
CVE-2018-6859 affects the PHP Scripts Mall Schools Alert Management Script (version 2.0.2). A SQL Injection in the Login parameter enables a remote attacker to bypass authentication, effectively gaining access without valid credentials. Several connected sources corroborate an authentication bypa...
CVE-2018-6860
Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script 2.0.2 via a profile picture...
Remote code execution
Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script 2.0.2 via a profile picture...
CVE-2018-6860
Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script 2.0.2 via a profile picture...
CVE-2018-6860
Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script 2.0.2 via a profile picture...
CVE-2018-6860
CVE-2018-6860 affects the PHP Scripts Mall Schools Alert Management Script 2.0.2. Public sources confirm an arbitrary file upload vulnerability in the profile picture upload flow that can lead to remote code execution. Exploitation samples exist (Exploit-DB PoC and multiple mirrors) showing how a...
Schools Alert Management Script 2.0.2 Arbitrary File Upload / Remote Code Execution
Exploit Title: Schools Alert Management Script - 2.0.2 - Arbitrary File Upload / Remote Code Execution Date: 07.02.2018 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/ Category: Web Application Exploit Author:...