53 matches found
EUVD-2019-18943
Malware in sbrugna...
EUVD-2019-17726
Malware in sbrugna...
EUVD-2019-17725
Malware in sbrugna...
EUVD-2019-18559
Malware in sbrugna...
EUVD-2025-15544
Malicious code in bioql PyPI...
CVE-2019-9572
SchoolCMS version 2.3.1 allows file upload via the theme upload feature at admin.php?m=admin=theme=upload by using the .zip extension along with the Static substring, changing the Content-Type to application/zip, and placing PHP code after the ZIP header. This ultimately allows execution of...
CVE-2019-8335
An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerability via index.php?a=Index=Channel=Home=XSS...
CVE-2019-8334
An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerability via index.php?a=Index=Channel=Home=XSS...
CVE-2025-4795
A vulnerability classified as critical has been found in gongfuxiang schoolcms 2.3.1. This affects the function SaveInfo of the file /index.php?m=Admin=article=SaveInfo. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has bee...
CVE-2025-4795
A vulnerability classified as critical has been found in gongfuxiang schoolcms 2.3.1. This affects the function SaveInfo of the file /index.php?m=Admin&c=article&a=SaveInfo. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has...
CVE-2025-4795
A vulnerability classified as critical has been found in gongfuxiang schoolcms 2.3.1. This affects the function SaveInfo of the file /index.php?m=Admin&c=article&a=SaveInfo. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has...
CVE-2025-4795 gongfuxiang schoolcms index.php SaveInfo sql injection
A vulnerability classified as critical has been found in gongfuxiang schoolcms 2.3.1. This affects the function SaveInfo of the file /index.php?m=Admin&c=article&a=SaveInfo. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has...
CVE-2025-4795 gongfuxiang schoolcms index.php SaveInfo sql injection
A vulnerability classified as critical has been found in gongfuxiang schoolcms 2.3.1. This affects the function SaveInfo of the file /index.php?m=Admin&c=article&a=SaveInfo. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has...
CVE-2025-4795
CVE-2025-4795 affects gongfuxiang schoolcms 2.3.1. The vulnerability is in the SaveInfo function (/index.php?m=Admin&c=article&a=SaveInfo) where manipulating the ID parameter enables SQL injection. It can be exploited remotely, and public exploit details are present. Several connected sources cor...
SchoolCMS 注入漏洞
SchoolCMS is Devil individual developer of a set of open source school teaching management system based on ThinkPHP framework. The system includes student management, grade management and teacher management. SchoolCMS version 2.3.1 suffers from an injection vulnerability , the vulnerability stems...
PT-2025-21750 · Unknown · Gongfuxiang Schoolcms
Name of the Vulnerable Software and Affected Versions: gongfuxiang schoolcms version 2.3.1 Description: A critical issue has been discovered, affecting the SaveInfo function of the file "/index.php?m=Admin&c=article&a=SaveInfo". The manipulation of the ID argument leads to SQL injection. This iss...
SchoolCMS has a file upload vulnerability
SchoolCMS is a school teaching management system based on PHP+MySQL. SchoolCMS v2.3.1 suffers from an arbitrary file upload vulnerability. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
SchoolCMS v2.3.1 Arbitrary File Deletion Vulnerability
SchoolCMS is a school teaching management system based on PHP+MySQL. SchoolCMS v2.3.1 suffers from an arbitrary file deletion vulnerability. An attacker can use the vulnerability to delete any folder in the root directory of a website or the root directory of a website...
CVE-2019-9572
SchoolCMS version 2.3.1 allows file upload via the theme upload feature at admin.php?m=admin&c=theme&a=upload by using the .zip extension along with the Static substring, changing the Content-Type to application/zip, and placing PHP code after the ZIP header. This ultimately allows execution of...
CVE-2019-9572
SchoolCMS version 2.3.1 allows file upload via the theme upload feature at admin.php?m=admin&c=theme&a=upload by using the .zip extension along with the Static substring, changing the Content-Type to application/zip, and placing PHP code after the ZIP header. This ultimately allows execution of...