383 matches found
CVE-2025-10418
A weakness has been identified in SourceCodester Student Grading System 1.0. Affected by this vulnerability is an unknown functionality of the file /viewstudents.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been made availab...
CVE-2025-10418 SourceCodester Student Grading System view_students.php sql injection
A weakness has been identified in SourceCodester Student Grading System 1.0. Affected by this vulnerability is an unknown functionality of the file /viewstudents.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been made availab...
CVE-2025-10418
CVE-2025-10418 affects SourceCodester Student Grading System 1.0. The vulnerability lies in /view_students.php where manipulation of the ID parameter causes SQL injection. Exploitation can be performed remotely and publicly available exploit code exists. Impact is high for confidentiality, integr...
PT-2025-37438
Name of the Vulnerable Software and Affected Versions: SourceCodester Student Grading System version 1.0 Description: A SQL injection weakness exists in the /view students.php file of the application. Manipulation of the ID argument can trigger the injection. This issue can be exploited remotely...
SourceCodester Student Grading System SQL注入漏洞
SourceCodester Student Grading System is a SourceCodester open source student grading system. A SQL injection vulnerability exists in SourceCodester Student Grading System version 1.0, which stems from incorrect manipulation of the parameter ID in the file /viewstudents.php, which could lead to a...
CVE-2025-6079 School Management System <= 93.2.0 - Authenticated (Student+) Arbitrary File Upload
The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the homework.php file in all versions up to, and including, 93.2.0. This makes it possible for authenticated attackers, with Student-level access and abov...
Student Attendance Management System 安全漏洞
Student Attendance Management System is a student attendance management system by rickxy individual developer. A security vulnerability exists in Student Attendance Management System v1. The vulnerability stems from SQL injection due to incorrect manipulation of the parameters Id, firstname and...
CVE-2025-50869
A stored Cross-Site Scripting XSS vulnerability exists in the qureydetails.php page of Institute-of-Current-Students 1.0, where the input fields for Query and Answer do not properly sanitize user input. Authenticated users can inject arbitrary JavaScript code...
Institute-of-Current-Students 安全漏洞
Institute-of-Current-Students is a school management website by the individual developer Vishal Mathur. A security vulnerability exists in version 1.0 of Institute-of-Current-Students, which stems from insufficient cleanup of the Query and Answer input fields in the file querydetails.php, which...
CVE-2025-50869
CVE-2025-50869 is a stored XSS vulnerability in Institute-of-Current-Students 1.0, located in the qureydetails.php page. The input fields for Query and Answer are not properly sanitized, allowing authenticated users to inject arbitrary JavaScript code. Public documentation in connected sources co...
Exploit for CVE-2025-52399
CVE-2025-52399 - SQL Injection in Institute of Current Student...
CVE-2025-51411
A reflected cross-site scripting XSS vulnerability exists in Institute-of-Current-Students v1.0 via the email parameter in the /postquerypublic endpoint. The application fails to properly sanitize user input before reflecting it in the HTML response. This allows unauthenticated attackers to injec...
Institute-of-Current-Students 安全漏洞
Institute-of-Current-Students is a school management website by the individual developer Vishal Mathur. A security vulnerability exists in version 1.0 of Institute-of-Current-Students, which stems from improper email parameter cleanup and could lead to reflective cross-site scripting...
CVE-2025-51411
A reflected cross-site scripting XSS vulnerability exists in Institute-of-Current-Students v1.0 via the email parameter in the /postquerypublic endpoint. The application fails to properly sanitize user input before reflecting it in the HTML response. This allows unauthenticated attackers to injec...
CVE-2025-51411
CVE-2025-51411 affects Institute-of-Current-Students v1.0, with a reflected XSS vulnerability in the /postquerypublic endpoint via the email parameter. The root cause is insufficient sanitization of user input, allowing an attacker-controlled string to be reflected in HTML and execute arbitrary J...
Student Record System manage-students.php File SQL Injection Vulnerability
Student Record System is a software application. Student Record System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter del in the file /manage-students.php. An attacker can exploit this vulnerability to...
CVE-2025-6475
A vulnerability was found in SourceCodester Student Result Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /script/admin/managestudents of the component Manage Students Module. The manipulation leads to cross site scripting. The attack m...
CVE-2025-6475 SourceCodester Student Result Management System Manage Students Module manage_students cross site scripting
A vulnerability was found in SourceCodester Student Result Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /script/admin/managestudents of the component Manage Students Module. The manipulation leads to cross site scripting. The attack m...
CVE-2025-6475 SourceCodester Student Result Management System Manage Students Module manage_students cross site scripting
A vulnerability was found in SourceCodester Student Result Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /script/admin/managestudents of the component Manage Students Module. The manipulation leads to cross site scripting. The attack m...
CVE-2025-6475
CVE-2025-6475 affects SourceCodester Student Result Management System 1.0, specifically the Manage Students Module and the file path /script/admin/manage_students. The vulnerability is a cross-site scripting flaw arising from handling input in that file, exploitable remotely with public disclosur...