3 matches found
CVE-2024-4992
CVE-2024-4992 : Vulnerability in SiAdmin 1.1 allows SQL injection via the nim parameter in the endpoint /modul/mod_kuliah/aksi_kuliah.php (also noted as /modul/mod kuliah/aksi kuliah.php). This could enable a remote attacker to craft SQL queries and retrieve all stored information. The connected ...
CVE-2024-4991
CVE-2024-4991 concerns SiAdmin 1.1, where an SQL injection arises from the parameter handling in the endpoint “/modul/mod_pass/aksi_pass.php” via the nama_lengkap input. The root cause is unsafely constructed SQL queries that can be manipulated by an attacker, enabling retrieval of data from the ...
CVE-2024-4993
Summary: CVE-2024-4993 describes an XSS vulnerability in SiAdmin 1.1 triggered by the /show.php query parameter, which could allow a remote attacker to craft a URL that, when opened by an authenticated user, may lead to cookie session credential leakage. What’s affected: SiAdmin 1.1; vulnerabilit...