Simple School Management System Security Vulnerabilities and Issues — Simple School Management System CVE List

Code-projectsSimple School Management System

9 matches found

CVE•added 2024/02/09 12:0 a.m.•98 views

CVE-2024-25304

The CVE-2024-25304 affects Code-projects Simple School Management System 1.0, where an SQL Injection flaw exists in the School/index.php entry point via the 'apass' parameter. The root cause is lack of input validation for this parameter, enabling attackers to manipulate queries and potentially a...

8.8CVSS9.1AI score0.00706EPSS

Web

CVE•added 2024/02/09 12:0 a.m.•93 views

CVE-2024-25305

CVE-2024-25305 affects Code-projects Simple School Managment System 1.0. The issue is an authentication bypass via the username and password parameters on the School/index.php endpoint, enabling bypass of login to gain administrative access. The connected documents corroborate the vulnerability a...

8.8CVSS8.7AI score0.00944EPSS

Web

CVE•added 2024/02/09 12:0 a.m.•84 views

CVE-2024-25309

CVE-2024-25309 : The Code-projects Simple School Managment System (version 1.0) is reported vulnerable to SQL injection through the pass parameter in School/teacher_login.php. The vulnerability is confirmed across multiple feeds (NVD, Red Hat, CNVD, CNVD-like entries, PRION, CNNVD, etc.), with CV...

8.8CVSS9.1AI score0.00706EPSS

Web

CVE•added 2024/02/09 12:0 a.m.•79 views

CVE-2024-25310

Code-projects Simple School Managment System 1.0 is affected by a SQL Injection in the endpoint School/delete.php?id=5. The vulnerability stems from unsanitized input in the id parameter, enabling arbitrary SQL execution with potential impact on confidentiality, integrity, and availability (CVSSv...

8.8CVSS9.1AI score0.00721EPSS

Web

CVE•added 2024/04/25 12:0 a.m.•60 views

CVE-2024-31610

CVE-2024-31610 affects Code-Projects Simple School Management System v1.0. The issue is a File Upload vulnerability in the avatar upload function that allows an attacker to execute arbitrary code by uploading a crafted file. Reported metrics indicate a network attack vector with low privileges re...

6.3CVSS7.3AI score0.00447EPSS

CVE•added 2024/02/09 12:0 a.m.•51 views

CVE-2024-25313

The CVE-2024-25313 entry concerns Code-projects Simple School Managment System 1.0 with an authentication bypass in School/teacher_login.php via the username and password parameters. Public documents consistently describe bypass of authentication (high impact: confidentiality, integrity, availabi...

8.8CVSS8.7AI score0.00778EPSS

Web

CVE•added 2024/02/09 12:0 a.m.•50 views

CVE-2024-25312

CVE-2024-25312 affects Code-projects Simple School Managment System 1.0. Affected component: the id parameter in the endpoint at School/sub_delete.php?id=5, where lack of input validation enables SQL Injection. This is documented across multiple sources (NVD/Red Hat/CNVD/CVE listing) and describe...

8.8CVSS9.1AI score0.00706EPSS

Web

CVE•added 2024/02/09 12:0 a.m.•37 views

CVE-2024-25306

CVE-2024-25306 affects Code-projects Simple School Managment System 1.0. The vulnerability is a SQL injection via the aname parameter in School/index.php , caused by lack of input validation. Impact is described as high on confidentiality, integrity, and availability per CVSS 3.1 (AV:N/AC:L/PR:L/...

8.8CVSS9.1AI score0.00721EPSS

Web

CVE•added 2024/02/09 12:0 a.m.•37 views

CVE-2024-25308

CVE-2024-25308 concerns Code-projects Simple School Managment System 1.0, where an SQL injection flaw exists in the teacher_login.php endpoint via the name parameter. The CVSS metrics included with the entry indicate a high impact: base score 8.8 (Confidentiality, Integrity, Availability all High...

8.8CVSS9.1AI score0.00721EPSS

Web