12 matches found
CVE-2025-70147
Missing authentication in /admin/student.php and /admin/teacher.php in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to obtain sensitive information including plaintext password field values via direct HTTP GET requests to these endpoints without a valid session...
School Fees Payment Management System /ajax.php?action=save_student file SQL injection vulnerability
School Fees Payment Management System is a tuition payment management system. The School Fees Payment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file...
CVE-2025-13057
A vulnerability was identified in Campcodes School Fees Payment Management System 1.0. Impacted is an unknown function of the file /ajax.php?action=savestudent. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and...
CVE-2025-13057
A vulnerability was identified in Campcodes School Fees Payment Management System 1.0. Impacted is an unknown function of the file /ajax.php?action=savestudent. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and...
CVE-2024-8172
A vulnerability, which was classified as problematic, has been found in SourceCodester QR Code Attendance System 1.0. This issue affects some unknown processing of the file /endpoint/delete-student.php. The manipulation of the argument student/attendance leads to cross site scripting. The attack...
PT-2024-38178
Name of the Vulnerable Software and Affected Versions: SourceCodester School Log Management System version 1.0 Description: A problem was found in the processing of the file "/admin/ajax.php?action=save student". The manipulation of the name argument leads to cross-site scripting. The attack can ...
CVE-2024-6731
A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. This affects an unknown part of the file /Master.php?f=savestudent. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely...
PT-2022-27443 · Unknown · Web-Based Student Clearance System
Name of the Vulnerable Software and Affected Versions: Web-Based Student Clearance System version 1.0 Description: The Web-Based Student Clearance System contains a cross-site scripting XSS issue in the /Admin/add-student.php endpoint. This allows attackers to execute arbitrary web scripts or HTM...
Library Management System SQL注入漏洞
Library Management System is a library management system with QR code attendance and automatic library card generation by King Albaracin Personal Developer. A security vulnerability exists in Library Management System v1.0, which was discovered to contain an SQL injection vulnerability via the...
CVE-2022-36682
Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=deletestudent...
PT-2022-23551 · Unknown · Simple Task Scheduling System
Name of the Vulnerable Software and Affected Versions: Simple Task Scheduling System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/classes/Master.php?f=delete student" endpoint. Recommendations: Fo...
CVE-2022-24231
Simple Student Information System v1.0 was discovered to contain a SQL injection vulnerability via add/Student...