9 matches found

RedhatCVE
added 2025/12/05 9:34 p.m. · 3 views

CVE-2024-58276

Obi08/Enrollment System 1.0 contains a SQL injection vulnerability in the keyword parameter of /getsubject.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can use UNION-based injection to extract sensitive information from the users table including usernames...

8.7 CVSS · 8.3 AI score · 0.00375 EPSS
Exploits 0 · References 1
EUVD
added 2025/12/04 9:31 p.m. · 2 views

EUVD-2025-201272

Obi08/Enrollment System 1.0 contains a SQL injection vulnerability in the keyword parameter of /getsubject.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can use UNION-based injection to extract sensitive information from the users table including usernames...

8.7 CVSS · 7.7 AI score · 0.00375 EPSS
Exploits 0 · References 4
Vulnrichment
added 2025/12/04 8:41 p.m. · 2 views

CVE-2024-58276 Obi08-Enrollment System 1.0 login.php SQL Injection

Obi08/Enrollment System 1.0 contains a SQL injection vulnerability in the keyword parameter of /getsubject.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can use UNION-based injection to extract sensitive information from the users table including usernames...

8.7 CVSS · 7.8 AI score · 0.00375 EPSS
Exploits 0 · References 3
CNNVD
added 2025/12/04 12:00 a.m. · 2 views

Enrollment System SQL injection vulnerability

Enrollment System is enrollment system software by individual developer Obi08. A SQL injection vulnerability exists in Enrollment System version 1.0, originating from the keyword parameter of /getsubject.php, which may result in the extraction of sensitive information...

8.7 CVSS · 7.8 AI score · 0.00375 EPSS
Exploits 0 · References 3
Positive Technologies
added 2025/12/04 12:00 a.m. · 5 views

PT-2025-49132

Obi08/Enrollment System 1.0 contains a SQL injection vulnerability in the keyword parameter of /getsubject.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can use UNION-based injection to extract sensitive information from the users table including usernames...

8.7 CVSS · 8.3 AI score · 0.00375 EPSS
Exploits 0 · References 4
OSV
added 2024/05/28 4:15 p.m. · 3 views

CVE-2024-33804

A SQL injection vulnerability in /model/getsubject.php in campcodes Complete Web-Based School Management System 1.0 allows an attacker to execute arbitrary SQL commands via the id parameter...

6.3 CVSS · 6.1 AI score · 0.00297 EPSS
Exploits 1 · References 1
Positive Technologies
added 2024/05/28 12:00 a.m. · 4 views

PT-2024-25491 · Unknown · Campcodes Complete Web-Based School Management System

Name of the Vulnerable Software and Affected Versions: campcodes Complete Web-Based School Management System version 1.0
Description: A SQL injection issue allows an attacker to execute arbitrary SQL commands via the id parameter in the "/model/getsubject.php" API endpoint.
Recommendations: For...

6.3 CVSS · 8.6 AI score · 0.00297 EPSS
Exploits 1 · References 2
CNNVD
added 2022/06/15 12:00 a.m. · 3 views

Advanced School Management System SQL injection vulnerability

Advanced School Management System is a school management system developed by Angel Jude Reyes Suarez. v1.0 of Advanced School Management System is vulnerable to SQL injection, which originates from /school/model/getsubjectrouting.php?id=. The page lacks validation of external input in SQL statements...

7.2 CVSS · 5.9 AI score · 0.00888 EPSS
Exploits 1 · References 2
CNVD
added 2017/12/08 12:00 a.m. · 1 views

DSMmall Multi-merchant open source mall system get_subject_by_typeid method SQL injection vulnerability

DSMmall is open source multi-merchant mall system source code developed on the thinkPHP framework. The DSMmall multi-merchant open source mall system has a SQL injection vulnerability in the get_subject_by_typeid method. The vulnerability is due to the system failing to...

8 AI score
Exploits 0