13 matches found
Student File Management System save_user.php File SQL Injection Vulnerability
Student File Management System is a student file management system. The Student File Management System suffers from a SQL injection vulnerability that originates from the lack of validation of an externally entered SQL statement in the parameter firstname in the file /admin/save_user.php. An...
CVE-2025-10483
A flaw has been found in SourceCodester Online Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/save_user.php. This manipulation of the argument firstname causes SQL injection. The attack can be carried out remotely. The...
CVE-2025-10483 SourceCodester Online Student File Management System save_user.php sql injection
A flaw has been found in SourceCodester Online Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/save_user.php. This manipulation of the argument firstname causes SQL injection. The attack can be carried out remotely. The...
CVE-2025-10483
CVE-2025-10483 affects SourceCodester Online Student File Management System 1.0. The vulnerability is in the unknown functionality of the file /admin/save_user.php, where manipulation of the firstname parameter leads to a SQL injection. The exploit has been published and can be executed remotely, ...
CVE-2024-10766 Codezips Free Exam Hall Seating Management System save_user.php unrestricted upload
A vulnerability, which was classified as critical, has been found in Codezips Free Exam Hall Seating Management System 1.0. This issue affects some unknown processing of the file /pages/save_user.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated...
CVE-2024-10764
A vulnerability classified as critical has been found in Codezips Online Institute Management System 1.0. This affects an unknown part of the file /pages/save_user.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit...
CVE-2024-10764
Codezips Online Institute Management System 1.0 contains a critical vulnerability in /pages/save_user.php where manipulating the image parameter enables unrestricted file upload. The issue is remotely exploitable and has been publicly disclosed. Reported details consistently identify the vulnerab...
CVE-2024-10764 Codezips Online Institute Management System save_user.php unrestricted upload
A vulnerability classified as critical has been found in Codezips Online Institute Management System 1.0. This affects an unknown part of the file /pages/save_user.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit...
CVE-2023-2678
The CVE-2023-2678 entry concerns SourceCodester File Tracker Manager System 1.0. The vulnerability affects the file /file_manager/admin/save_user.php in the POST Parameter Handler, where manipulating the firstname parameter leads to cross-site scripting (XSS). Exploitation is remote and the explo...
Canteen Management System Code Issue Vulnerability
Canteen Management System is a cafeteria management system by individual developer Mayuri K. A security vulnerability exists in Canteen Management System v1.0, which originates from an arbitrary file upload vulnerability in the component /pages/saveuser.php. An attacker can exploit this...
CVE-2021-40261
Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCodester CASAP Automated Enrollment System 1.0 via the (1) userusername and (2) category parameters in saveclass.php, the (3) firstname, (4) class, and (5) status parameters in studenttable.php, the (6) category and (7) classname parameters in...
CVE-2021-26230
Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the user information to saveuser.php...
CVE-2021-26230
Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the user information to saveuser.php...