18 matches found
Schools Alert Management Script - Arbitrary File Read
Schools Alert Management Script is susceptible to an arbitrary file read vulnerability via the f parameter in img.php, aka absolute path traversal. id: CVE-2018-12054 info: name: Schools Alert Management Script - Arbitrary File Read author: wisnupramoedya severity: high description: Schools Alert...
EUVD-2018-18606
Malware in sbrugna...
Schools Alert Management Script SQL Injection
Exploit Title: Schools Alert Management Script - SQL Injection Date: 2018-06-07 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/ Category: Web Application Exploit Author: M3@Pandas Web:...
Schools Alert Management Script - Arbitrary File Deletion Vulnerability
Exploit for php platform in category web applications Exploit Title: Schools Alert Management Script - Arbitrary File Deletion Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/ Category: Web Application Exploit...
Sql injection
SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in getsec.php...
CVE-2018-12051
Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script via $FILE in /webmasterst/general.php, as demonstrated by a .php file with the image/jpeg content type...
Directory traversal
Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in deleteimg.php by using directory traversal...
CVE-2018-12055
CVE-2018-12055 affects PHP Scripts Mall Schools Alert Management Script. The vulnerability is a SQL injection in multiple CGI endpoints (contact_us.php, faq.php, about.php, photo_gallery.php, privacy.php, etc.) triggered by crafted POST data, allowing an attacker to execute arbitrary SQL commands...
CVE-2018-12054
Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal...
Schools Alert Management Script 2.0.2 SQL Injection
Exploit Title: Schools Alert Management Script - 2.0.2 - Authentication Bypass Date: 07.02.2018 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/ Category: Web Application Exploit Author: Prasenjit Kanti Paul We...
CVE-2018-6859
CVE-2018-6859 affects the PHP Scripts Mall Schools Alert Management Script (version 2.0.2). A SQL Injection in the Login parameter enables a remote attacker to bypass authentication, effectively gaining access without valid credentials. Several connected sources corroborate an authentication bypa...
CVE-2018-6859
SQL Injection exists in PHP Scripts Mall Schools Alert Management Script 2.0.2 via the Login Parameter...
Remote code execution
Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script 2.0.2 via a profile picture...
CVE-2018-6860
Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script 2.0.2 via a profile picture...
CVE-2018-6860
Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script 2.0.2 via a profile picture...
CVE-2018-6860
CVE-2018-6860 affects the PHP Scripts Mall Schools Alert Management Script 2.0.2. Public sources confirm an arbitrary file upload vulnerability in the profile picture upload flow that can lead to remote code execution. Exploitation samples exist (Exploit-DB PoC and multiple mirrors) showing how a...
Schools Alert Management Script 2.0.2 Arbitrary File Upload / Remote Code Execution
Exploit Title: Schools Alert Management Script - 2.0.2 - Arbitrary File Upload / Remote Code Execution Date: 07.02.2018 Vendor Homepage: https://www.phpscriptsmall.com/ Software Link: https://www.phpscriptsmall.com/product/schools-alert-management-system/ Category: Web Application Exploit Author:...
Schools Alert Management Script 2.01 - 'list_id' SQL Injection
Exploit Title: Schools Alert Management Script v2.01 - SQL Injection Google Dork: N/A Date: 06.03.2017 Vendor Homepage: http://www.phpscriptsmall.com/ Software : http://www.phpscriptsmall.com/product/schools-alert-management-system/ Demo: http://www.schoolcollageerp.com/schoolalert/ Version: 2.01...