53 matches found
CVE-2019-8335
CVE-2019-8335 describes an XSS vulnerability in SchoolCMS 2.3.1, exploitable via index.php?a=Index&c=Channel&m=Home&id=[XSS]. The connected Red Hat/CNVD/etc. entries corroborate a cross-site scripting flaw in SchoolCMS; no details about affected versions beyond 2.3.1 or concrete exploit vectors a...
CVE-2019-8334
CVE-2019-8334 affects SchoolCMS 2.3.1 . A cross-site scripting (XSS) flaw is present via the vulnerable request: index.php?a=Index&c=Channel&m=Home&viewid=[XSS], which could lead to injection of arbitrary script when a user loads the affected page. The primary description in the CVE notes an XSS ...
SQL Injection Vulnerability in SchoolCMS v2.3.1 Us***.class File
SchoolCMS is a school teaching management system based on PHP+MySQL. A SQL injection vulnerability exists in the SchoolCMS v2.3.1Us.class file, which can be exploited by attackers to obtain sensitive information...
Code Execution Vulnerability in SchoolCMS v2.3
SchoolCMS is a school teaching management system based on PHP+MySQL. A code execution vulnerability exists in SchoolCMS v2.3, which is due to the system failing to effectively filter some of the input parameter values. An attacker can exploit this vulnerability to upload a Trojan horse file and...
Arbitrary File Deletion Vulnerability in SchoolCMS
SchoolCMS is a school teaching management system based on PHP+MySQL. An arbitrary file deletion vulnerability exists somewhere in the SchoolCMS backend, which can be exploited by an attacker to delete arbitrary folders...
Variable Override Vulnerability in SchoolCMS
SchoolCMS is a school teaching management system based on PHP+MySQL. SchoolCMS suffers from a variable override vulnerability. An attacker can utilize the browser's TAB function to override access to user information...
SchoolCMS suffers from a variable override vulnerability (CNVD-2017-30716)
SchoolCMS is a school teaching management system based on PHP+MySQL. SchoolCMS suffers from a variable override vulnerability. An attacker can utilize the browser's TAB function to reset any user's password...
File upload vulnerability in SchoolCMS backend SiteController.class.php
SchoolCMS is a school teaching management system based on PHP+MySQL. A file upload vulnerability exists in the SchoolCMS backend SiteController.class.php, due to the system Upload function not effectively filtering user-submitted data. A remote attacker can arbitrarily write files to gain web...
File upload vulnerability in SchoolCMS backend ThemeController.class.php
SchoolCMS is an open source faculty management system. SchoolCMS v2.3.1 version ThemeController.class.php and SiteController.class.ph Upload function in the file upload vulnerability, remote attackers can use the theme function in the background, to perform arbitrary file write operations to obta...
SchoolCMS Persistent XSS
No description provided by source. Title: SchoolCMS Persistant XSS. Date: 03/12/12 Author: VipVince Vendor: www.poweritschools.com Google Dork: /oldcore/cal/eventform.php Tested on: Windows. This is a Persistant XSS used in the software by many schools. About 225 results 0.21 seconds The...
SchoolCMS - Persistent Cross-Site Scripting
SchoolCMS - Persistent Cross-Site Scripting Title: SchoolCMS Persistant XSS. Date: 03/12/12 Author: VipVince Vendor: www.poweritschools.com Google Dork: /oldcore/cal/eventform.php Tested on: Windows. This is a Persistant XSS used in the software by many schools. About 225 results 0.21 seconds The...
SchoolCMS - Persistent Cross-Site Scripting
Title: SchoolCMS Persistant XSS. Date: 03/12/12 Author: VipVince Vendor: www.poweritschools.com Google Dork: /oldcore/cal/eventform.php Tested on: Windows. This is a Persistant XSS used in the software by many schools. About 225 results 0.21 seconds The vulnerability lies in the eventform.php fil...
SchoolCMS Cross Site Scripting
Title: SchoolCMS Persistant XSS. Date: 03/12/12 Author: VipVince Vendor: www.poweritschools.com Google Dork: /oldcore/cal/eventform.php Tested on: Windows. This is a Persistant XSS used in the software by many schools. About 225 results 0.21 seconds The vulnerability lies in the eventform.php fil...