Lucene search

K

Schools Alert Management Script Security Vulnerabilities - November

cve
cve

CVE-2018-12051

Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script via $_FILE in /webmasterst/general.php, as demonstrated by a .php file with the image/jpeg content type.

9.8CVSS

9.6AI Score

0.029EPSS

2018-06-08 11:29 AM
24
cve
cve

CVE-2018-12052

SQL Injection exists in PHP Scripts Mall Schools Alert Management Script via the q Parameter in get_sec.php.

9.8CVSS

9.9AI Score

0.008EPSS

2018-06-08 11:29 AM
39
cve
cve

CVE-2018-12053

Arbitrary File Deletion exists in PHP Scripts Mall Schools Alert Management Script via the img parameter in delete_img.php by using directory traversal.

7.5CVSS

7.5AI Score

0.72EPSS

2018-06-08 11:29 AM
40
cve
cve

CVE-2018-12054

Arbitrary File Read exists in PHP Scripts Mall Schools Alert Management Script via the f parameter in img.php, aka absolute path traversal.

7.5CVSS

7.5AI Score

0.324EPSS

2018-06-08 11:29 AM
48
cve
cve

CVE-2018-12055

Multiple SQL Injections exist in PHP Scripts Mall Schools Alert Management Script via crafted POST data in contact_us.php, faq.php, about.php, photo_gallery.php, privacy.php, and so on.

9.8CVSS

9.7AI Score

0.562EPSS

2018-06-08 11:29 AM
41
cve
cve

CVE-2018-6859

SQL Injection exists in PHP Scripts Mall Schools Alert Management Script 2.0.2 via the Login Parameter.

9.8CVSS

9.9AI Score

0.008EPSS

2018-02-23 06:29 PM
27
cve
cve

CVE-2018-6860

Arbitrary File Upload and Remote Code Execution exist in PHP Scripts Mall Schools Alert Management Script 2.0.2 via a profile picture.

8.8CVSS

8.9AI Score

0.008EPSS

2018-02-12 03:29 AM
19