Lucene search
K

12 matches found

Cvelist
Cvelist
added 2026/02/18 12:0 a.m.23 views

CVE-2025-70147

Missing authentication in /admin/student.php and /admin/teacher.php in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to obtain sensitive information including plaintext password field values via direct HTTP GET requests to these endpoints without a valid session...

0.0045EPSS
Exploits1References2
CNVD
CNVD
added 2025/11/20 12:0 a.m.4 views

School Fees Payment Management System /ajax.php?action=save_student file SQL injection vulnerability

School Fees Payment Management System is a tuition payment management system. The School Fees Payment Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file...

9.8CVSS6AI score0.00289EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/11/13 7:8 p.m.11 views

CVE-2025-13057

A vulnerability was identified in Campcodes School Fees Payment Management System 1.0. Impacted is an unknown function of the file /ajax.php?action=savestudent. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and...

9.8CVSS7.1AI score0.00289EPSS
Exploits1References1
NVD
NVD
added 2025/11/12 7:15 p.m.6 views

CVE-2025-13057

A vulnerability was identified in Campcodes School Fees Payment Management System 1.0. Impacted is an unknown function of the file /ajax.php?action=savestudent. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and...

9.8CVSS0.00289EPSS
Exploits1References5
OSV
OSV
added 2024/08/26 4:15 p.m.7 views

CVE-2024-8172

A vulnerability, which was classified as problematic, has been found in SourceCodester QR Code Attendance System 1.0. This issue affects some unknown processing of the file /endpoint/delete-student.php. The manipulation of the argument student/attendance leads to cross site scripting. The attack...

6.1CVSS3.9AI score0.0042EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/07/30 12:0 a.m.5 views

PT-2024-38178

Name of the Vulnerable Software and Affected Versions: SourceCodester School Log Management System version 1.0 Description: A problem was found in the processing of the file "/admin/ajax.php?action=save student". The manipulation of the name argument leads to cross-site scripting. The attack can ...

6.1CVSS3.2AI score0.00483EPSS
Exploits1References8
OSV
OSV
added 2024/07/14 10:15 p.m.4 views

CVE-2024-6731

A vulnerability classified as critical has been found in SourceCodester Student Study Center Desk Management System 1.0. This affects an unknown part of the file /Master.php?f=savestudent. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely...

8.8CVSS5.8AI score0.00618EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/11/28 12:0 a.m.4 views

PT-2022-27443 · Unknown · Web-Based Student Clearance System

Name of the Vulnerable Software and Affected Versions: Web-Based Student Clearance System version 1.0 Description: The Web-Based Student Clearance System contains a cross-site scripting XSS issue in the /Admin/add-student.php endpoint. This allows attackers to execute arbitrary web scripts or HTM...

4.8CVSS5.1AI score0.00467EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/08/30 12:0 a.m.5 views

Library Management System SQL注入漏洞

Library Management System is a library management system with QR code attendance and automatic library card generation by King Albaracin Personal Developer. A security vulnerability exists in Library Management System v1.0, which was discovered to contain an SQL injection vulnerability via the...

9.8CVSS8.5AI score0.00789EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/08/26 1:15 p.m.2 views

CVE-2022-36682

Simple Task Scheduling System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /classes/Master.php?f=deletestudent...

9.8CVSS7.4AI score0.00891EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/08/26 12:0 a.m.24 views

PT-2022-23551 · Unknown · Simple Task Scheduling System

Name of the Vulnerable Software and Affected Versions: Simple Task Scheduling System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/classes/Master.php?f=delete student" endpoint. Recommendations: Fo...

9.8CVSS9.4AI score0.00891EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2022/04/05 2:15 a.m.7 views

CVE-2022-24231

Simple Student Information System v1.0 was discovered to contain a SQL injection vulnerability via add/Student...

10CVSS7.4AI score0.01735EPSS
Exploits1References3
Rows per page
Query Builder