104 matches found
CVE-2024-34931
CVE-2024-34931 describes a SQL injection in Campcodes Complete Web-Based School Management System 1.0, exploitable via the parameter name in /model/update_subject.php. The root cause is unsanitized user input allowing arbitrary SQL commands, leading to high-impact outcomes across confidentiality,...
CVE-2024-34932
The CVE-2024-34932 entry concerns Campcodes Complete Web-Based School Management System 1.0. A SQL injection vulnerability exists in the /model/update_exam.php endpoint, exploitable via the name parameter to execute arbitrary SQL commands. The issue is described across multiple connected records ...
CVE-2024-34934
The CVE-2024-34934 entry concerns Campcodes Complete Web-Based School Management System 1.0. A SQL injection flaw exists in /view/emarks_range_grade_update_form.php, exploitable via the conversation_id parameter, allowing an attacker to execute arbitrary SQL commands. Impact is described as high ...
CVE-2024-34936
Campcodes Complete Web-Based School Management System 1.0 has a SQL injection in /view/event1.php triggered by the month parameter. The vulnerability allows execution of arbitrary SQL commands, with CVSS v3.1 base metrics: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L (8.6, HIGH). Root cause: unsanitized/u...
CVE-2024-34929
CVE-2024-34929 affects Campcodes Complete Web-Based School Management System version 1.0. The vulnerability is a SQL injection in the /view/find_friends.php endpoint, exploitable via the my_index parameter to execute arbitrary SQL commands. Root cause is insecure handling of user input in that AP...
CVE-2024-34933
Campcodes Complete Web-Based School Management System 1.0 contains a SQL injection vulnerability in the /model/update_grade.php endpoint, exploitable via the admission_fee parameter. The issue allows an attacker to execute arbitrary SQL commands. Multiple connected sources (Red Hat, NVD/CNVD-like...
CVE-2024-34930
CVE-2024-34930 affects Campcodes Complete Web-Based School Management System 1.0; a SQL injection exists in /model/all_events1.php exploitable via the month parameter, enabling arbitrary SQL commands and impacting data integrity/availability. Root cause/technical details beyond the Initial descri...
CVE-2024-34935
CVE-2024-34935 : A SQL injection in Campcodes Complete Web-Based School Management System 1.0 affects the endpoint /view/conversation_history_admin.php via the conversation_id parameter. The underlying issue is improper handling of user-supplied input, enabling an attacker to execute arbitrary SQ...
CVE-2024-4523
CVE-2024-4523 affects Campcodes Complete Web-Based School Management System 1.0. The vulnerability arises from cross-site scripting in the year parameter of the file /view/teacher_attendance_history1.php, enabling remote exploitation. Multiple connected sources confirm the issue and its public di...
CVE-2024-5240
The CVE-2024-5240 entry pertains to Campcodes Complete Web-Based School Management System v1.0, with a SQL injection in the /view/unread_msg.php file caused by manipulating the my_index argument. Multiple connected sources confirm remote exploitation and public disclosure of the exploit. Concrete...
CVE-2024-34927
The CVE-2024-34927 entry concerns a SQL injection in the Campcodes Complete Web-Based School Management System 1.0, specifically in the /model/update_classroom.php endpoint via the name parameter. The vulnerability allows an attacker to execute arbitrary SQL commands, with a critical impact profi...
CVE-2024-34928
CVE-2024-34928 affects Campcodes Complete Web-Based School Management System 1.0. A SQL injection flaw exists in /model/update_subject_routing.php via the grade parameter, enabling an attacker to execute arbitrary SQL commands. The vulnerability stems from improper input handling in the stated en...
CVE-2024-5238
CVE-2024-5238 affects Campcodes Complete Web-Based School Management System 1.0. The vulnerability is an SQL injection in an unknown part of /view/timetable_insert_form.php triggered by manipulating the grade parameter. It can be exploited remotely and has publicly disclosed exploit information (...
CVE-2024-5103
CVE-2024-5103 affects Campcodes Complete Web-Based School Management System v1.0. The vulnerability is an SQL injection in the file /view/student_first_payment.php caused by manipulation of the grade parameter. It is exploitable remotely, with the exploit publicly disclosed. Details across source...
CVE-2024-5237
CVE-2024-5237 affects Campcodes Complete Web-Based School Management System 1.0. The vulnerability is a SQL injection in /view/timetable_grade_wise.php driven by unsafely manipulated grade parameter. Root cause: improper handling of user input enables attacker-controlled SQL execution remotely; c...
CVE-2024-33803
CVE-2024-33803 affects Campcodes Complete Web-Based School Management System 1.0. A SQL injection exists in /model/get_exam.php via the id parameter, enabling arbitrary SQL commands as described in multiple sources. The vulnerability is documented with a CVSS v3.1 base score of 5.4 (Medium) with ...
CVE-2024-5239
The CVE-2024-5239 issue affects Campcodes Complete Web-Based School Management System 1.0. The vulnerability resides in the /view/timetable_update_form.php code path where manipulation of the grade parameter enables SQL injection. It is exploitable remotely, and public disclosure of the exploit i...
CVE-2024-4521
CVE-2024-4521 affects Campcodes Complete Web-Based School Management System 1.0. The vulnerability is a cross-site scripting flaw in the unknown function of the file /view/teacher_salary_details2.php caused by manipulation of the index parameter. It is remotely exploitable and the exploit has bee...
CVE-2024-4647
CVE-2024-4647 affects Campcodes Complete Web-Based School Management System 1.0. A cross-site scripting vulnerability exists in an unknown functionality of the file /view/student_first_payment.php, triggered by manipulating the index parameter. Exploitation is possible remotely, and public disclo...
CVE-2024-5232
CVE-2024-5232 affects Campcodes Complete Web-Based School Management System 1.0. A SQL injection vulnerability exists in an unknown part of /view/teacher_salary_details2.php caused by manipulation of the index argument. It can be exploited remotely and publicly disclosed exploits exist. CVSS metr...
CVE-2024-5236
CVE-2024-5236 affects Campcodes Complete Web-Based School Management System 1.0. The vulnerability is an SQL injection in the file /view/teacher_salary_invoice1.php triggered by manipulating the date parameter. It is exploitable remotely, and public exploit information exists. Affected component ...
CVE-2024-4526
CVE-2024-4526 affects Campcodes Complete Web-Based School Management System 1.0. The issue is a cross-site scripting vulnerability in the month parameter of /view/student_payment_details3.php. Attack could be initiated remotely and the exploit has been publicly disclosed. Multiple connected sourc...
CVE-2024-4648
Campcodes Complete Web-Based School Management System v1.0 contains a cross-site scripting (XSS) vulnerability in the /view/student_exam_mark_update_form.php file, triggered by manipulating the std_index parameter. Publicly disclosed exploits indicate remote attack potential. Connected sources co...
CVE-2024-4908
Campcodes Complete Web-Based School Management System 1.0 contains a SQL injection vulnerability in the /view/student_attendance_history1.php script. The issue arises from manipulation of the index parameter, enabling an injection remotely. The vulnerability entry notes that the attack may be ini...
CVE-2024-5234
CVE-2024-5234 affects Campcodes Complete Web-Based School Management System 1.0. The vulnerability is a SQL injection caused by manipulation of the argument index in the file /view/teacher_salary_history1.php, enabling remote attack. Exploit has been disclosed publicly. Documentation confirms the...
CVE-2024-4514
CVE-2024-4514 affects Campcodes Complete Web-Based School Management System 1.0 . The vulnerability is in the file /view/timetable_insert_form.php, where manipulating the grade argument can trigger a cross-site scripting (XSS) vulnerability. The issue is exploitable remotely, and exploits have be...
CVE-2024-4650
CVE-2024-4650 affects Campcodes Complete Web-Based School Management System 1.0. A cross-site scripting flaw exists in the due_month parameter of /view/student_due_payment.php, allowing remote exploitation. The issue stems from manipulation of due_month in that script, enabling XSS. Public exploi...
CVE-2024-5233
CVE-2024-5233 affects Campcodes Complete Web-Based School Management System 1.0. The issue is an SQL injection caused by manipulation of the index argument in the file /view/teacher_salary_details3.php. The vulnerability can be triggered remotely and the exploit has been disclosed publicly. The c...
CVE-2024-33405
CVE-2024-33405 concerns the Campcodes Complete Web-Based School Management System 1.0. The vulnerability is an SQL injection in the add_friends.php script, exploitable via the friend_index parameter, allowing an attacker to execute arbitrary SQL commands. The description across connected document...
CVE-2024-5104
The CVE-2024-5104 entry concerns Campcodes Complete Web-Based School Management System 1.0. Affected component: /view/student_grade_wise.php. Root cause: manipulation of the grade parameter enables SQL injection. Impacted outcomes include confidentiality, integrity, and availability as indicated ...
CVE-2024-33402
CVE-2024-33402 affects Campcodes Complete Web-Based School Management System 1.0. A SQL injection exists in /model/approve_petty_cash.php via the id parameter, allowing arbitrary SQL commands. CVSS 3.1 BASE score 8.1 (HIGH) with network attack vector, low complexity, low privileges required, no u...
CVE-2024-5235
CVE-2024-5235 affects Campcodes Complete Web-Based School Management System 1.0. The vulnerability exists in an unknown function of the file /view/teacher_salary_invoice.php, where manipulating the argument teacher_id leads to a SQL injection. It is exploitable remotely and the exploit has been d...
CVE-2024-5115
CVE-2024-5115 affects Campcodes Complete Web-Based School Management System 1.0. The vulnerability is an SQL injection in an unknown functionality of the file /view/teacher_profile.php triggered by manipulating the index parameter, with remote feasibility and public disclosure of exploits. Multip...
CVE-2024-4513
Campcodes Complete Web-Based School Management System 1.0 is affected by a cross-site scripting vulnerability in the grade parameter of /view/timetable_update_form.php. Root cause: unsanitized user input leads to XSS. Impact: allows remote exploitation; exploitation details have been disclosed pu...
CVE-2024-4652
Campcodes Complete Web-Based School Management System 1.0 contains a cross-site scripting flaw in /view/show_teacher2.php via the month parameter. The vulnerability is exploitable remotely and has been publicly disclosed. Affected component is an unknown function; root cause is input manipulation...
CVE-2024-5105
CVE-2024-5105 affects Campcodes Complete Web-Based School Management System 1.0. The vulnerability exists in an unknown portion of the file /view/student_payment_details.php, where manipulation of the argument index enables a SQL injection. Exploitation is possible remotely, and the exploit has b...
CVE-2024-5106
CVE-2024-5106 affects Campcodes Complete Web-Based School Management System 1.0. The vulnerability is a SQL injection in the file /view/student_payment_details3.php, caused by manipulating the index parameter. It is exploitable remotely and an exploit has been disclosed publicly. Various sources ...
CVE-2024-33411
CVE-2024-33411 affects Campcodes Complete Web-Based School Management System 1.0. The vulnerability is a SQL injection in the /model/get_admin_profile.php endpoint, exploitable via the my_index parameter to execute arbitrary SQL commands. Impact is described as high confidentiality, integrity, an...
CVE-2024-4517
CVE-2024-4517 affects Campcodes Complete Web-Based School Management System 1.0. The vulnerability exists in an unknown portion of the file /view/teacher_salary_invoice1.php where the date parameter can be manipulated to trigger a cross-site scripting (XSS) attack. Exploitation can be performed r...
CVE-2024-4518
CVE-2024-4518 affects Campcodes Complete Web-Based School Management System 1.0. The vulnerability is a cross-site scripting flaw in the /view/teacher_salary_invoice.php file caused by unsafely manipulating the desc parameter. It can be exploited remotely, with exploit information publicly disclo...
CVE-2024-4519
CVE-2024-4519 describes a Cross-Site Scripting vulnerability in Campcodes Complete Web-Based School Management System v1.0, triggered by manipulating the month parameter in /view/teacher_salary_details3.php. The issue is exploitable remotely and has been publicly disclosed. Affected component: fi...
CVE-2024-4525
The CVE-2024-4525 entry describes a cross-site scripting (XSS) vulnerability in Campcodes Complete Web-Based School Management System 1.0, arising from manipulation of the index argument in the file /view/student_payment_details4.php. It affects unknown/unspecified code paths within that file and...
CVE-2024-33407
CVE-2024-33407 describes a SQL injection vulnerability in Campcodes Complete Web-Based School Management System v1.0, specifically in the /model/delete_record.php script where an unsafely handled id parameter allows an attacker to execute arbitrary SQL commands. Affected product: Complete Web-Bas...
CVE-2024-5231
CVE-2024-5231 affects Campcodes Complete Web-Based School Management System 1.0. The vulnerability is an SQL injection in an unknown function tied to the file /view/teacher_salary_details.php, caused by manipulation of the index parameter. Exploitation can be remote, and public exploit informatio...
CVE-2024-33403
The CVE-2024-33403 describes a SQL injection in Campcodes Complete Web-Based School Management System 1.0, specifically in /model/get_events.php via the event_id parameter. Root cause: unsafely constructed SQL queries susceptible to arbitrary SQL execution. Impact: high severity with potential co...
CVE-2024-33802
CVE-2024-33802 describes an SQL injection in Campcodes Complete Web-Based School Management System 1.0. The vulnerability affects /model/get_student_subject.php and is exploitable via the index parameter, allowing an attacker to execute arbitrary SQL commands. Exploitation status is not provided ...
CVE-2024-5109
CVE-2024-5109 concerns Campcodes Complete Web-Based School Management System 1.0. The vulnerability is a SQL injection in an unknown function of the file /view/student_payment_history.php, triggered by manipulating the index argument. It is exploitable remotely, and the exploit has been publicly ...
CVE-2024-33409
CVE-2024-33409 describes an SQL injection in the Campcodes Complete Web-Based School Management System 1.0. The vulnerable component is the index.php and the name parameter; the underlying cause is improper input handling enabling arbitrary SQL execution. Documents indicate a high-severity impact...
CVE-2024-4527
CVE-2024-4527 affects Campcodes Complete Web-Based School Management System v1.0. The vulnerability is a cross-site scripting (XSS) flaw in an unknown function of the file /view/student_payment_details2.php where manipulation of the index argument enables attack execution. The issue can be exploi...
CVE-2024-5110
CVE-2024-5110 affects Campcodes Complete Web-Based School Management System 1.0. The vulnerability is an SQL injection in /view/student_payment_invoice.php triggered by manipulation of the index parameter. An attacker may exploit remotely; public disclosure of the exploit is indicated. No concret...