Schools Alert Management Script SQL Injection Vulnerability (CNVD-2018-11371)

PHP Scripts Mall Schools Alert Management Script is a school management system script by PHP Scripts Mall India. A SQL injection vulnerability exists in PHP Scripts Mall Schools Alert Management Script. A remote attacker can exploit this vulnerability by executing arbitrary SQL commands with the...

CVE-2018-12055

Multiple SQL Injections exist in PHP Scripts Mall Schools Alert Management Script via crafted POST data in contactus.php, faq.php, about.php, photogallery.php, privacy.php, and so on...

CVE-2018-12052

SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in getsec.php...

CVE-2018-12051

Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script via $FILE in /webmasterst/general.php, as demonstrated by a .php file with the image/jpeg content type...

Remote code execution

Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script via $FILE in /webmasterst/general.php, as demonstrated by a .php file with the image/jpeg content type...

Path traversal

Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal...

CVE-2018-12054

Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal...

Directory traversal

Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in deleteimg.php by using directory traversal...

CVE-2018-12053

Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in deleteimg.php by using directory traversal...

Sql injection

SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in getsec.php...

CVE-2018-12051

CVE-2018-12051 affects the PHP Scripts Mall Schools Alert Management Script. The vulnerability allows an attacker to upload arbitrary files and execute code remotely via the $_FILE handling in /webmasterst/general.php, demonstrated by a crafted .php file with an image/jpeg content type. Documente...

CVE-2018-12053

Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in deleteimg.php by using directory traversal...

CVE-2018-12053

CVE-2018-12053 affects the PHP Scripts Mall Schools Alert Management Script. Affected component: delete_img.php; vuln via the img parameter allowing directory traversal, enabling arbitrary file deletion. Public PoCs/exploits demonstrate accessing /delete_img.php?img=./uploads/school_logos/1528_x1...

CVE-2018-12052

SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in getsec.php...

CVE-2018-12054

Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal...

CVE-2018-12055

CVE-2018-12055 affects PHP Scripts Mall Schools Alert Management Script. The vulnerability is a SQL injection in multiple CGI endpoints (contact_us.php, faq.php, about.php, photo_gallery.php, privacy.php, etc.) triggered by crafted POST data, allowing an attacker to execute arbitrary SQL commands...

NUUO NVRmini 2 Arbitrary File Upload Vulnerability

The NUUO NVRmini 2 is a video storage management device from NUUO USA. A security vulnerability exists in the upload.php file in the NUUO NVRmini 2. An attacker can exploit this vulnerability to upload arbitrary files e.g., .php files...

CVE-2018-11514

The CVE affects PHP Scripts Mall Naukri Clone Script (version 3.0.3 and earlier). The vulnerability resides in edit_resume_det.php, allowing Unrestricted Upload of a File with a Dangerous Type (e.g., renaming .docx to .php). This could enable an attacker to upload a malicious PHP file, potentiall...

CVE-2018-11514

PHP Scripts Mall Naukri Clone Script through 3.0.3 allows Unrestricted Upload of a File with a Dangerous Type in editresumedet.php, as demonstrated by changing .docx to .php...

CVE-2018-11501

PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via usersubmit.php?upd=2, with resultant XSS...