56 matches found
CVE-2020-37084
School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as profile photos by bypassing file extension checks. Attackers can exploit improper file validation in pre-editstudent.inc.php to execute arbitrary code on the...
CVE-2020-37084
School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as profile photos by bypassing file extension checks. Attackers can exploit improper file validation in pre-editstudent.inc.php to execute arbitrary code on the...
CVE-2020-37084
School ERP Pro 1.0 contains a remote code execution vulnerability that allows authenticated admin users to upload arbitrary PHP files as profile photos by bypassing file extension checks. Attackers can exploit improper file validation in pre-editstudent.inc.php to execute arbitrary code on the...
CVE-2026-1595
A vulnerability was detected in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/editstudentquery.php. The manipulation of the argument studentid results in sql injection. The attack can be executed remotely. The exploit is now public and may be used...
CVE-2026-1595
A vulnerability was detected in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/editstudentquery.php. The manipulation of the argument studentid results in sql injection. The attack can be executed remotely. The exploit is now public and may be used...
EUVD-2026-4952
A vulnerability was detected in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/editstudentquery.php. The manipulation of the argument studentid results in sql injection. The attack can be executed remotely. The exploit is now public and may be used...
PT-2026-5306
A vulnerability was detected in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/edit student query.php. The manipulation of the argument student id results in sql injection. The attack can be executed remotely. The exploit is now public and may be used...
Itsourcecode Society Management System SQL Injection Vulnerability
itsourcecode Society Management System is an open-source social management system developed by itsourcecode. Version 1.0 of the itsourcecode Society Management System has a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter studentid in the file...
CVE-2026-0547 PHPGurukul Online Course Registration Student Registration edit-student-profile.php unrestricted upload
A vulnerability was found in PHPGurukul Online Course Registration up to 3.1. This issue affects some unknown processing of the file /admin/edit-student-profile.php of the component Student Registration Page. The manipulation of the argument photo results in unrestricted upload. The attack may be...
CVE-2026-0547 PHPGurukul Online Course Registration Student Registration edit-student-profile.php unrestricted upload
A vulnerability was found in PHPGurukul Online Course Registration up to 3.1. This issue affects some unknown processing of the file /admin/edit-student-profile.php of the component Student Registration Page. The manipulation of the argument photo results in unrestricted upload. The attack may be...
CVE-2025-13795
A weakness has been identified in codingWithElias School Management System up to f1ac334bfd89ae9067cc14dea12ec6ff3f078c01. Affected is an unknown function of the file /student-view.php of the component Edit Student Info Page. This manipulation of the argument First Name causes cross site scriptin...
CVE-2025-13795 codingWithElias School Management System Edit Student Info student-view.php cross site scripting
A weakness has been identified in codingWithElias School Management System up to f1ac334bfd89ae9067cc14dea12ec6ff3f078c01. Affected is an unknown function of the file /student-view.php of the component Edit Student Info Page. This manipulation of the argument First Name causes cross site scriptin...
CVE-2025-13795 codingWithElias School Management System Edit Student Info student-view.php cross site scripting
A weakness has been identified in codingWithElias School Management System up to f1ac334bfd89ae9067cc14dea12ec6ff3f078c01. Affected is an unknown function of the file /student-view.php of the component Edit Student Info Page. This manipulation of the argument First Name causes cross site scriptin...
CVE-2025-13795
CVE-2025-13795 affects codingWithElias School Management System (Edit Student Info Page: /student-view.php). The vulnerability arises from manipulation of the First Name argument in an unknown function, enabling cross-site scripting (XSS). Remote exploitation is possible and a public exploit exis...
EUVD-2025-32611
A vulnerability was found in code-projects Student Crud Operation up to 3.3. This vulnerability affects the function moveuploadedfile of the file add.php of the component Add Student Page/Edit Student Page. Performing manipulation results in unrestricted upload. The attack can be initiated...
CVE-2025-11347
CVE-2025-11347 affects code-projects Student Crud Operation up to 3.3, where the function move_uploaded_file in add.php allows unrestricted file upload. The vulnerability can be triggered remotely and the exploit has been publicized. Affected versions are stated as up to 3.3; sources suggest that...
PT-2025-40957
Name of the Vulnerable Software and Affected Versions code-projects Student Crud Operation versions up to 3.3 Description A flaw exists in code-projects Student Crud Operation that allows for unrestricted file uploads. This is due to manipulation of the move uploaded file function within the...
EUVD-2025-26233
Malicious code in bioql PyPI...
CVE-2025-11061
A vulnerability was found in Campcodes Online Learning Management System 1.0. This affects an unknown part of the file /admin/editstudent.php. Performing manipulation of the argument cys results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public...
CVE-2025-11061
A vulnerability was found in Campcodes Online Learning Management System 1.0. This affects an unknown part of the file /admin/editstudent.php. Performing manipulation of the argument cys results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public...