Lucene search
+L

4 matches found

redhatcve
redhatcve
added 2025/05/22 3:42 p.m.4 views

CVE-2020-8504

School Management Software PHP/mySQL through 2019-03-14 allows officeadmin/?action=addadmin CSRF to add an administrative user...

6.5CVSS7AI score0.01102EPSS
Exploits3References1
exploitpack
exploitpack
added 2020/02/03 12:0 a.m.49 views

School ERP System 1.0 - Cross Site Request Forgery (Add Admin)

School ERP System 1.0 - Cross Site Request Forgery Add Admin Title: School ERP System 1.0 - Cross Site Request Forgery Add Admin Date: 2020-01-31 Exploit Author: J3rryBl4nks Vendor Homepage: https://sourceforge.net/projects/school-erp-ultimate/files/ Software Link:...

4.3CVSS0.3AI score0.01102EPSS
Exploits4
exploitdb
exploitdb
added 2020/02/03 12:0 a.m.255 views

School ERP System 1.0 - Cross Site Request Forgery (Add Admin)

Title: School ERP System 1.0 - Cross Site Request Forgery Add Admin Date: 2020-01-31 Exploit Author: J3rryBl4nks Vendor Homepage: https://sourceforge.net/projects/school-erp-ultimate/files/ Software Link: https://sourceforge.net/projects/school-erp-ultimate/files/ Version ERP-Ultimate CVE:...

6.5CVSS6.5AI score0.01102EPSS
Exploits4
cve
cve
added 2020/01/31 9:27 p.m.161 views

CVE-2020-8504

CVE-2020-8504 is a cross-site request forgery in School Management Software PHP/MySQL up to 2019-03-14 that allows an attacker to coerce an authenticated user to create an administrative account via the URL path office_admin/?action=addadmin. The vulnerability's root cause is CSRF lacking adequat...

6.5CVSS6.5AI score0.01102EPSS
Exploits3References1Affected Software1
Rows per page
Query Builder