18 matches found
CVE-2022-32368
The CVE-2022-32368 entry concerns itsourcecode Advanced School Management System v1.0, affected by a SQL injection vulnerability in /school/model/get_grade.php?id=. The issue arises from unsanitized input passed to SQL statements, enabling an attacker to manipulate queries and potentially access ...
CVE-2022-32370
The CVE-2022-32370 entry is corroborated across multiple feeds as a SQL injection flaw in itsourcecode Advanced School Management System v1.0, exploitable via /school/model/get_classroom.php?id=. Root cause: missing input validation on the id parameter leading to SQL statement manipulation. Repor...
CVE-2022-32374
CVE-2022-32374 affects itsourcecode Advanced School Management System v1.0. The vulnerability is a SQL Injection in the endpoint /school/model/get_subject_routing.php?id= where user input is not validated, enabling an attacker to manipulate SQL queries and potentially disclose or modify database ...
CVE-2022-32376
CVE-2022-32376 affects itsourcecode Advanced School Management System v1.0 and is caused by SQL injection in the parameter event_id of /school/model/get_events.php. The vulnerability arises from unvalidated external input, enabling attackers to manipulate SQL statements and potentially access or ...
CVE-2022-32375
CVE-2022-32375 affects itsourcecode Advanced School Management System v1.0. The vulnerability is a SQL Injection flaw in /school/model/get_timetable.php?id=, caused by improper input handling, enabling potential unauthorized access to or manipulation of database data. The CVSS scores indicate hig...
CVE-2022-32377
CVE-2022-32377 is documented as an SQL Injection vulnerability in itsourcecode Advanced School Management System v1.0, exploitable via /school/model/get_exam_timetable.php?id=. The connected records (NVD, Red Hat, CNVD, CVE lists) confirm a persistent SQLi issue affecting the application. CVSS me...
CVE-2022-34580
CVE-2022-34580 affects Advanced School Management System v1.0. The issue is a cross-site scripting (XSS) vulnerability exploitable via the address parameter at ip/school/index.php. Documented CVSS: 4.8 (MEDIUM) with network attack vector, high privileges required and user interaction. APT/Exploit...
CVE-2022-32379
CVE-2022-32379 affects itsourcecode Advanced School Management System v1.0, vulnerable to SQL Injection via /school/model/get_parents_profile.php?my_index=. The root cause is lack of validation for externally supplied SQL statements, enabling an attacker to potentially access or modify sensitive ...
CVE-2022-32380
CVE-2022-32380 affects itsourcecode Advanced School Management System v1.0. The vulnerability is SQL Injection in the get_student_subject.php script (via index parameter), caused by insufficient input validation. Multiple connected sources (CNVD/CNNVD/Red Hat/ CVE lists) confirm the same flaw and...
CVE-2022-34586
CVE-2022-34586 affects itsourcecode Advanced School Management System v1.0, with a SQL Injection vulnerability exploitable via the grade parameter in /school/view/student_grade_wise.php. The entry is corroborated by multiple connected records indicating an SQL injection issue; the CVSS 3.1 base s...
CVE-2022-32433
CVE-2022-32433 affects itsourcecode Advanced School Management System v1.0. The vulnerability enables Arbitrary code execution via the endpoint ip/school/view/all_teacher.php. The CVE entry provides a basic impact assessment (CVSS v3.1: base score 7.2, HIGH) and indicates network-based access wit...
CVE-2022-34588
The CVE-2022-34588 entry concerns itsourcecode Advanced School Management System v1.0. A SQL Injection vulnerability exists in the grade parameter of the /school/view/timetable_insert_form.php endpoint. The issue is the classic improper handling of user-controlled input that leads to SQL query ma...
CVE-2022-32381
The CVE-2022-32381 entry concerns itsourcecode Advanced School Management System v1.0, which is vulnerable to SQL injection through /school/model/get_admin_profile.php?my_index=. The vulnerability is caused by lack of input validation for external SQL statements, enabling attackers to manipulate ...
CVE-2022-32378
CVE-2022-32378 covers SQL Injection in the itsourcecode Advanced School Management System v1.0. The vulnerability is reachable via /school/model/get_teacher_profile.php?my_index= and arises from lack of input validation on external input, allowing attackers to manipulate SQL statements. The issue...
CVE-2022-34594
CVE-2022-34594 affects Advanced School Management System v1.0. The vulnerability is a cross-site scripting (XSS) flaw exploitable via the component ip/school/moudel/update_subject.php, where a crafted payload in the Edit Subject field can cause arbitrary web scripts/HTML to execute. The NVD entry...
CVE-2022-32372
Affected software : itsourcecode Advanced School Management System v1.0 (open source PHP/MySQL-based). Vulnerability : SQL Injection via /school/model/get_subject.php?id= (unsafely handling user input in a SQL query). Root cause : input parameter not sanitized/filtered before database query. Impa...
CVE-2022-32373
The CVE-2022-32373 entry describes a SQL Injection vulnerability in itsourcecode Advanced School Management System v1.0, exploitable through the parameter id in /school/model/get_exam.php. The root cause is unsanitized external input leading to SQL command execution, enabling access to sensitive ...
CVE-2022-32371
CVE-2022-32371 affects itsourcecode Advanced School Management System v1.0. The vulnerability is a SQL Injection in get_teacher.php?id= where user-supplied input is not validated, enabling potentially illegal SQL commands and data exposure as described across CVE records (CNVD, RH). The connected...