Casap Automated Enrollment System Security Vulnerabilities and Issues — Casap Automated Enrollment System CVE List

Lucene search

Casap Automated Enrollment System ProjectCasap Automated Enrollment System

11 matches found

CVE•added 2021/02/09 12:15 a.m.•70 views

CVE-2021-3294

CASAP Automated Enrollment System 1.0 is affected by cross-site scripting (XSS) in users.php. An attacker can steal a cookie to perform user redirection to a malicious website.

5.4CVSS5.2AI score0.0057EPSS

CVE•added 2021/02/15 9:15 p.m.•57 views

CVE-2021-26201

The Login Panel of CASAP Automated Enrollment System 1.0 is vulnerable to SQL injection authentication bypass. An attacker can obtain access to the admin panel by injecting a SQL query in the username field of the login page.

9.8CVSS9.8AI score0.00154EPSS

CVE•added 2021/07/22 7:15 p.m.•55 views

CVE-2021-27332

Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the class_name parameter to update_class.php.

6.1CVSS6AI score0.00285EPSS

CVE•added 2021/07/22 7:15 p.m.•48 views

CVE-2021-26223

SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to view_pay.php.

9.8CVSS9.9AI score0.00513EPSS

CVE•added 2021/07/22 5:15 p.m.•33 views

CVE-2021-26227

Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the student information parameters to edit_stud.php.

6.1CVSS6AI score0.00222EPSS

CVE•added 2021/11/08 9:15 p.m.•31 views

CVE-2021-40261

Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCodester CASAP Automated Enrollment System 1.0 via the (1) user_username and (2) category parameters in save_class.php, the (3) firstname, (4) class, and (5) status parameters in student_table.php, the (6) category and (7) class_nam...

6.1CVSS6.1AI score0.0024EPSS

CVE•added 2021/07/22 5:15 p.m.•30 views

CVE-2021-26228

SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_class1.php.

9.8CVSS9.9AI score0.00617EPSS

CVE•added 2021/07/22 6:15 p.m.•29 views

CVE-2021-26226

SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_user.php.

9.8CVSS9.9AI score0.00513EPSS

CVE•added 2021/07/22 5:15 p.m.•29 views

CVE-2021-26229

SQL injection vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the id parameter to edit_stud.php.

9.8CVSS9.9AI score0.00513EPSS

CVE•added 2021/04/15 12:15 p.m.•27 views

CVE-2021-27129

CASAP Automated Enrollment System version 1.0 contains a cross-site scripting (XSS) vulnerability through the Students > Edit > ROUTE parameter.

5.4CVSS5.3AI score0.00181EPSS

CVE•added 2021/07/22 5:15 p.m.•26 views

CVE-2021-26230

Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the user information to save_user.php.

6.1CVSS6AI score0.00222EPSS