383 matches found
Code-Projects Intern Membership Management System SQL注入漏洞
Code-Projects Intern Membership Management System is a Code-Projects open source intern membership management system . Code-Projects Intern Membership Management System version 1.0 has a SQL injection vulnerability , the vulnerability stems from the wrong operation of the parameter adminid in the...
PT-2026-1972
Name of the Vulnerable Software and Affected Versions code-projects Intern Membership Management System version 1.0 Description A security issue exists in code-projects Intern Membership Management System version 1.0. The issue involves the manipulation of the admin id argument within an unknown...
PT-2026-1983
Name of the Vulnerable Software and Affected Versions PHPGurukul Online Course Registration System versions prior to 3.1 Description A flaw exists in PHPGurukul Online Course Registration System that allows for SQL injection. The issue is located in the file...
PDPL Metric: Validating a Scale to Measure Personal Data Privacy Literacy among University Students
Personal data privacy literacy PDPL refers to a collection of digital literacy skills related to an individuals ability to understand, evaluate, and manage the collection, use, and protection of personal data in online and digital environments. This study introduces and validates a new psychometr...
CVE-2025-61148
An Insecure Direct Object Reference IDOR vulnerability in the EduplusCampus 3.0.1 Student Payment API allows authenticated users to access other students personal and financial records by modifying the 'recno' parameter in the /student/get-receipt endpoint...
CVE-2025-41070 Reflected Cross-site Scripting (XSS) in Sanoma's Clickedu
Reflected Cross-site Scripting XSS vulnerability in Sanoma's Clickedu. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL in '/students/carpetesvaries.php'. This vulnerability can be exploited to steal sensitive user data, such...
Student Record System manage-students.php Component Cross-Site Request Forgery Vulnerability
Student Record System is a software application. Student Record System suffers from a cross-site request forgery vulnerability that stems from the manage-students.php component not adequately verifying that a request is from a trusted user, which could be exploited by an attacker to cause...
CVE-2025-63955
A Cross-Site Request Forgery CSRF vulnerability in the manage-students.php component of PHPGurukul Student Record System v3.2 allows an attacker to trick an authenticated administrator into submitting a forged request. This leads to the unauthorized deletion of user accounts, causing a Denial of...
EUVD-2025-198075
A Cross-Site Request Forgery CSRF vulnerability in the manage-students.php component of PHPGurukul Student Record System v3.2 allows an attacker to trick an authenticated administrator into submitting a forged request. This leads to the unauthorized deletion of user accounts, causing a Denial of...
CVE-2025-63955
A Cross-Site Request Forgery CSRF vulnerability in the manage-students.php component of PHPGurukul Student Record System v3.2 allows an attacker to trick an authenticated administrator into submitting a forged request. This leads to the unauthorized deletion of user accounts, causing a Denial of...
PT-2025-47385
Name of the Vulnerable Software and Affected Versions PHPGurukul Student Record System version 3.2 Description A Cross-Site Request Forgery CSRF issue exists in the manage-students.php component. An attacker can trick an authenticated administrator into submitting a forged request, leading to the...
PHPGurukul Student Record System 安全漏洞
Student Record System is a software application. Student Record System suffers from a cross-site request forgery vulnerability that stems from the manage-students.php component not adequately verifying that a request is from a trusted user, which could be exploited by an attacker to cause...
Exploit for CVE-2025-63955
CVE-2025-63955 – Cross-Site Request Forgery CSRF leading t...
BackWeak: Backdooring Knowledge Distillation Simply with Weak Triggers and Fine-Tuning
Knowledge Distillation KD is essential for compressing large models, yet relying on pre-trained "teacher" models downloaded from third-party repositories introduces serious security risks -- most notably backdoor attacks. Existing KD backdoor methods are typically complex and computationally...
CVE-2025-64705
Frappe Learning version range 2.0.0–2.40.9 suffers an information-disclosure vulnerability where users could view submissions from other students due to improper access control and direct URL access. The issue is fixed in version 2.41.0 by enforcing proper roles and redirecting direct URL access....
CVE-2025-64705 Frappe user was able to access the submission of other students
Frappe Learning is a learning system that helps users structure their content. Starting in version 2.0.0 and prior to version 2.41.0, users were able to access the submissions made by other students The issue has been fixed in version 2.41.0 by ensuring proper roles and redirecting if accessed vi...
EUVD-2025-35911
The Tutor LMS Pro – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.8.3 due to missing validation on a user controlled key when viewing and editing assignments through the tutorassignmentsubmit...
Online Course Registration /admin/manage-students.php File SQL Injection Vulnerability
Online Course Registration is an online course registration system. Online Course Registration suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter ID of the file /admin/manage-students.php. An attacker can...
CVE-2025-11329
A flaw has been found in code-projects Online Course Registration 1.0. Impacted is an unknown function of the file /admin/manage-students.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...
CVE-2025-11329
A flaw has been found in code-projects Online Course Registration 1.0. Impacted is an unknown function of the file /admin/manage-students.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used...