CVE-2026-25806
PlaciPy (version 1.0.0) exposes potential IDOR-like authorization gaps on student records via GET /api/students/:email, PUT /api/students/:email/status, and DELETE /api/students/:email. The backend only enforces authentication (authenticateToken) and does not verify ownership, administrative/staf...
PT-2024-37454 · Sourcecodester · Sourcecodester Simple Student Attendance System
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Student Attendance System version 1.0
Description: A vulnerability was found in the function get student of the file student form.php. The manipulation of the argument id leads to cross-site scripting. The attack may be...
PT-2024-25489 · Unknown · Campcodes Complete Web-Based School Management System
Name of the Vulnerable Software and Affected Versions: Campcodes Complete Web-Based School Management System version 1.0
Description: A SQL injection issue exists in the /model/get student subject.php file, allowing an attacker to execute arbitrary SQL commands by manipulating the index parameter...
CVE-2023-26568
Unauthenticated SQL injection in the GetStudentGroupStudents method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction or modification of all data by unauthenticated attackers...
CVE-2022-32380
itsourcecode Advanced School Management System v1.0 is vulnerable to SQL Injection via /school/model/getstudentsubject.php?index=...