Lucene search
K

932 matches found

Positive Technologies
Positive Technologies
added 2022/04/06 12:0 a.m.5 views

PT-2022-13747 · Sap · Sap Information System

Name of the Vulnerable Software and Affected Versions: SAP Information System version 1.0 Description: A critical issue was found, allowing an unauthenticated attacker to create a new admin account for the web application with a simple POST request to the "add admin.php" file, located at the "/SA...

7.5CVSS7.1AI score0.01332EPSS
Exploits2References3
Packet Storm
Packet Storm
added 2022/04/06 12:0 a.m.248 views

SAP Information System 1.0 Shell Upload

Title: SAP Information System 1.0 Shell Upload Author: Hejap Zairy Date: 05.04.2022 Vendor: https://www.sourcecodester.com/php/15262/sap-information-system-using-phppdo-oop.html Software: https://www.sourcecodester.com/sites/default/files/download/oretnom23/SAPInformationSystem.zip Reference:...

7.4AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2022/04/05 2:15 a.m.7 views

CVE-2022-24231

Simple Student Information System v1.0 was discovered to contain a SQL injection vulnerability via add/Student...

10CVSS7.4AI score0.01735EPSS
Exploits1References3
OSV
OSV
added 2022/04/05 2:15 a.m.3 views

CVE-2022-24231

Simple Student Information System v1.0 was discovered to contain a SQL injection vulnerability via add/Student...

9.8CVSS7.3AI score0.01735EPSS
Exploits1References2
NVD
NVD
added 2022/04/05 2:15 a.m.16 views

CVE-2022-24231

Simple Student Information System v1.0 was discovered to contain a SQL injection vulnerability via add/Student...

10CVSS0.01735EPSS
Exploits1References2
Prion
Prion
added 2022/04/05 2:15 a.m.20 views

Sql injection

Simple Student Information System v1.0 was discovered to contain a SQL injection vulnerability via add/Student...

10CVSS9.7AI score0.01735EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2022/04/05 1:18 a.m.91 views

CVE-2022-24231

The CVE-2022-24231 entry concerns Simple Student Information System v1.0, which is vulnerable to SQL injection via the add/Student path. The vulnerability is documented with a high-severity impact (CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H; base score 9.8) affecting confidentiality, integrit...

10CVSS9.8AI score0.01735EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/04/05 1:18 a.m.20 views

CVE-2022-24231

Simple Student Information System v1.0 was discovered to contain a SQL injection vulnerability via add/Student...

10AI score0.01735EPSS
Exploits1References2
CNNVD
CNNVD
added 2022/04/05 12:0 a.m.5 views

Simple Student Information System SQL注入漏洞

Simple Student Information System is a web-based application platform that helps a university or college manage student information and academic records. SourceCodester Simple Student Information System version 1.0 is vulnerable to SQL injection, which can be exploited by attackers to send...

10CVSS5.7AI score0.01735EPSS
Exploits1References3
CNVD
CNVD
added 2022/03/04 12:0 a.m.15 views

OS4Ed OpenSIS Cross-Site Scripting Vulnerability

OS4Ed OpenSIS is OS4Ed's commercial-grade, secure, scalable and intuitive student information system, school management software. With all the functionality to run single or multiple institutions in a single installation, OS4Ed OpenSIS suffers from a cross-site scripting vulnerability that could ...

6.1CVSS2.2AI score0.00774EPSS
Exploits1References1
BDU FSTEC
BDU FSTEC
added 2022/02/07 12:0 a.m.8 views

The vulnerability of the centralized system for managing emergency messages and events in CAMS for HIS distributed control systems CENTUM VP and CENTUM VP Entry Class, along with the OPC-server Exaopc, allows a perpetrator to execute arbitrary codes.

The vulnerability of the centralized system for managing emergency messages and events in CAMS for HIS distributed control systems CENTUM VP and CENTUM VP Entry Class, along with the OPC-server Exaopc, lies in the loading of a non-existent dynamic library. Exploiting this vulnerability could allo...

8.3CVSS7.5AI score0.00216EPSS
Exploits0References3
CNVD
CNVD
added 2022/01/07 12:0 a.m.18 views

Practo Technologies Insta Hms跨站脚本漏洞

Practo Technologies Insta Hms is a hospital information system from Practo Technologies, India. Practo Technologies Insta HMS has a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data in the WEB application, which can be exploited by attackers to...

6.1CVSS3.9AI score0.00852EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/01/06 12:0 a.m.5 views

Practo Technologies Insta Hms 跨站脚本漏洞

Practo Technologies Insta Hms is a hospital information system from Practo Technologies, India. Practo Technologies Insta HMS has a cross-site scripting vulnerability that stems from the lack of proper validation of client-side data in the WEB application, which can be exploited by attackers to...

6.1CVSS5.2AI score0.00852EPSS
Exploits0References1
0day.today
0day.today
added 2022/01/06 12:0 a.m.432 views

openSIS Student Information System 8.0 - (multiple) SQL Injection Vulnerability

Exploit Title: openSIS Student Information System 8.0 - 'multiple' SQL Injection Date: 26/12/2021 Exploit Author: securityforeveryone.com Author Mail: helloATsecurityforeveryone.com Vendor Homepage: https://opensis.com Software Link: https://opensis.com Version: 8.0 Community Edition Tested on:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2022/01/05 12:0 a.m.260 views

openSIS Student Information System 8.0 - 'multiple' SQL Injection

Exploit Title: openSIS Student Information System 8.0 - 'multiple' SQL Injection Date: 26/12/2021 Exploit Author: securityforeveryone.com Author Mail: helloATsecurityforeveryone.com Vendor Homepage: https://opensis.com Software Link: https://opensis.com Version: 8.0 Community Edition Tested on:...

7.4AI score
Exploits0
OSV
OSV
added 2021/12/02 5:48 p.m.26 views

GHSA-WF5P-F5XR-C4JJ SQL Injection in rosariosis

An unauthenticated SQL Injection vulnerability in Rosario Student Information System aka rosariosis before 8.1.1 allows remote attackers to execute PostgreSQL statements e.g., SELECT, INSERT, UPDATE, and DELETE through /Side.php via the syear parameter...

9.8CVSS9.9AI score0.50641EPSS
Exploits1References6
Github Security Blog
Github Security Blog
added 2021/12/02 5:48 p.m.27 views

SQL Injection in rosariosis

An unauthenticated SQL Injection vulnerability in Rosario Student Information System aka rosariosis before 8.1.1 allows remote attackers to execute PostgreSQL statements e.g., SELECT, INSERT, UPDATE, and DELETE through /Side.php via the syear parameter...

9.8CVSS7.1AI score0.50641EPSS
Exploits1References6Affected Software1
CNVD
CNVD
added 2021/12/01 12:0 a.m.17 views

Rosario Student Information System SQL Injection Vulnerability

The Rosario Student Information System is a free student information system used for school administration, and a SQL injection vulnerability exists in the Rosario Student Information System, which can be exploited to execute Postgre SQL statements via the /Side.php parameter via the syear...

9.8CVSS3.5AI score0.50641EPSS
Exploits1References1
NVD
NVD
added 2021/11/29 10:15 p.m.24 views

CVE-2021-44427

An unauthenticated SQL Injection vulnerability in Rosario Student Information System aka rosariosis before 8.1.1 allows remote attackers to execute PostgreSQL statements e.g., SELECT, INSERT, UPDATE, and DELETE through /Side.php via the syear parameter...

9.8CVSS0.50641EPSS
Exploits1References1
OSV
OSV
added 2021/11/29 10:15 p.m.18 views

CVE-2021-44427

An unauthenticated SQL Injection vulnerability in Rosario Student Information System aka rosariosis before 8.1.1 allows remote attackers to execute PostgreSQL statements e.g., SELECT, INSERT, UPDATE, and DELETE through /Side.php via the syear parameter...

9.8CVSS8.4AI score
Exploits0References1
Rows per page
Query Builder