53 matches found
EUVD-2019-18559
Malware in sbrugna...
EUVD-2019-18943
Malware in sbrugna...
EUVD-2019-17725
Malware in sbrugna...
EUVD-2019-17726
Malware in sbrugna...
EUVD-2025-15544
Malicious code in bioql PyPI...
CVE-2019-9572
SchoolCMS version 2.3.1 allows file upload via the theme upload feature at admin.php?m=admin=theme=upload by using the .zip extension along with the Static substring, changing the Content-Type to application/zip, and placing PHP code after the ZIP header. This ultimately allows execution of...
CVE-2019-8335
An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerability via index.php?a=Index=Channel=Home=XSS...
CVE-2019-8334
An issue was discovered in SchoolCMS 2.3.1. There is an XSS vulnerability via index.php?a=Index=Channel=Home=XSS...
CVE-2025-4795
A vulnerability classified as critical has been found in gongfuxiang schoolcms 2.3.1. This affects the function SaveInfo of the file /index.php?m=Admin=article=SaveInfo. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has bee...
CVE-2025-4795
A vulnerability classified as critical has been found in gongfuxiang schoolcms 2.3.1. This affects the function SaveInfo of the file /index.php?m=Admin&c=article&a=SaveInfo. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has...
CVE-2025-4795
A vulnerability classified as critical has been found in gongfuxiang schoolcms 2.3.1. This affects the function SaveInfo of the file /index.php?m=Admin&c=article&a=SaveInfo. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has...
CVE-2025-4795 gongfuxiang schoolcms index.php SaveInfo sql injection
A vulnerability classified as critical has been found in gongfuxiang schoolcms 2.3.1. This affects the function SaveInfo of the file /index.php?m=Admin&c=article&a=SaveInfo. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has...
CVE-2025-4795 gongfuxiang schoolcms index.php SaveInfo sql injection
A vulnerability classified as critical has been found in gongfuxiang schoolcms 2.3.1. This affects the function SaveInfo of the file /index.php?m=Admin&c=article&a=SaveInfo. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has...
CVE-2025-4795
CVE-2025-4795 affects gongfuxiang schoolcms 2.3.1. The vulnerability is in the SaveInfo function (/index.php?m=Admin&c=article&a=SaveInfo) where manipulating the ID parameter enables SQL injection. It can be exploited remotely, and public exploit details are present. Several connected sources cor...
PT-2025-21750 · Unknown · Gongfuxiang Schoolcms
Name of the Vulnerable Software and Affected Versions: gongfuxiang schoolcms version 2.3.1 Description: A critical issue has been discovered, affecting the SaveInfo function of the file "/index.php?m=Admin&c=article&a=SaveInfo". The manipulation of the ID argument leads to SQL injection. This iss...
SchoolCMS 注入漏洞
SchoolCMS is Devil individual developer of a set of open source school teaching management system based on ThinkPHP framework. The system includes student management, grade management and teacher management. SchoolCMS version 2.3.1 suffers from an injection vulnerability , the vulnerability stems...
SchoolCMS has a file upload vulnerability
SchoolCMS is a school teaching management system based on PHP+MySQL. SchoolCMS v2.3.1 suffers from an arbitrary file upload vulnerability. An attacker can exploit the vulnerability to upload a webshell and gain server privileges...
SchoolCMS v2.3.1 Arbitrary File Deletion Vulnerability
SchoolCMS is a school teaching management system based on PHP+MySQL. SchoolCMS v2.3.1 suffers from an arbitrary file deletion vulnerability. An attacker can use the vulnerability to delete any folder in the root directory of a website or the root directory of a website...
CVE-2019-9572
SchoolCMS version 2.3.1 allows file upload via the theme upload feature at admin.php?m=admin&c=theme&a=upload by using the .zip extension along with the Static substring, changing the Content-Type to application/zip, and placing PHP code after the ZIP header. This ultimately allows execution of...
Unrestricted file upload
SchoolCMS version 2.3.1 allows file upload via the theme upload feature at admin.php?m=admin&c=theme&a=upload by using the .zip extension along with the Static substring, changing the Content-Type to application/zip, and placing PHP code after the ZIP header. This ultimately allows execution of...