23 matches found
CVE-2023-5283
SourceCodester Engineers Online Portal 1.0 contains a SQL injection vulnerability in teacher_signup.php caused by unsafely handling the firstname/lastname parameters. The issue can be exploited remotely and an exploit has been disclosed publicly. Affected component is the login/registration flow ...
CVE-2023-5276
CVE-2023-5276 affects SourceCodester Engineers Online Portal v1.0, specifically the downloadable_student.php file where manipulation of the id parameter enables SQL injection. The root cause is unsanitized input leading to injection, with remote attack potential. Public details confirm the vulner...
CVE-2023-5280
SourceCodester Engineers Online Portal 1.0 contains a SQL injection in my_students.php via the id parameter, allowing remote exploitation. The vulnerability is publicly disclosed (VDB-240908) and can impact confidentiality, integrity, and availability per CVSS metrics; no specific remediation is ...
CVE-2023-5278
CVE-2023-5278 affects SourceCodester Engineers Online Portal 1.0, specifically the login.php file. The vulnerability is a SQL injection in the handling of the username/password parameters, enabling remote exploitation. Documents indicate exploitation has been disclosed publicly and that the impac...
CVE-2023-5281
CVE-2023-5281 affects SourceCodester Engineers Online Portal 1.0. The vulnerability resides in an unknown part of remove_inbox_message.php where manipulating the id parameter leads to a SQL injection. It can be exploited remotely, and the exploit has been disclosed publicly per the description. T...
CVE-2023-5284
SourceCodester Engineers Online Portal 1.0 contains a vulnerability in the upload_save_student.php function where manipulating the uploaded_file parameter enables unrestricted file upload. This remote exploitation can lead to arbitrary code execution as indicated by multiple sources; the vulnerab...
CVE-2023-5279
CVE-2023-5279 affects SourceCodester Engineers Online Portal 1.0, with the vulnerability in the file with unknown functionality, my_classmates.php. The issue arises from manipulating the parameter teacher_class_student_id , enabling a SQL injection . Several connected sources report remote access...
CVE-2021-42664
The CVE-2021-42664 entry corresponds to a stored XSS in Sourcecodester Engineers Online Portal (PHP). Affected page: add_quiz.php with vulnerable inputs quiz_title and quiz_description (description parameters). Exploitation allows injected JavaScript to execute in victims’ browsers, potentially e...
CVE-2021-42668
The CVE-2021-42668 entry concerns an SQL Injection in Sourcecodester Engineers Online Portal (PHP) via the id parameter in my_classmates.php. Affects the vulnerable page and parameter, enabling an attacker to extract sensitive data from the web server; in some cases it can lead to remote code exe...
CVE-2021-42669
CVE-2021-42669 is a PHP file-upload vulnerability in Sourcecodester Engineers Online Portal (via dashboard_teacher.php and avatar upload through teacher_avatar.php). An uploaded avatar is stored under /admin/uploads/ and is accessible to all users. Attackers can upload a PHP webshell containing ...
CVE-2021-43437
Technical details, affected versions, exploit methods, and fixes for CVE-2021-43437 are not publicly provided in the supplied documents; monitor official advisories for updates.
CVE-2021-42666
Sourcecodester Engineers Online Portal (PHP) is affected by CVE-2021-42666 due to an SQL injection in the id parameter of quiz_question.php. The vulnerability allows an attacker to extract sensitive data from the web server, and in some cases may lead to remote code execution on the server. Publi...
CVE-2021-42665
CVE-2021-42665 affects the Sourcecodester Engineers Online Portal (PHP) via the login.php form. The vulnerability is an SQL Injection in the authentication routine that can allow bypassing login without valid credentials. Affected component is the login mechanism (username/password fields), with ...
CVE-2021-42670
CVE-2021-42670 affects Sourcecodester Engineers Online Portal (PHP) with a SQL injection in the announcements_student.php id parameter. The vulnerability allows an attacker to manipulate SQL queries to extract data from the web server, with potential remote code execution in some scenarios as des...
CVE-2023-5277
CVE-2023-5277 affects SourceCodester Engineers Online Portal 1.0. The issue lies in processing of student_avatar.php where manipulation of the change parameter enables unrestricted file upload, enabling remote exploitation. Several connected sources corroborate unrestricted upload risk; no offici...
CVE-2021-42671
CVE-2021-42671 (and related CVEs 42669) describe an unauthorized access/control flaw in Sourcecodester Engineers Online Portal (PHP) within nia_munoz_monitoring_system/admin/uploads. The issue enables bypassing access controls to view all files uploaded to the web server without authentication or...
CVE-2023-5282
CVE-2023-5282 affects SourceCodester Engineers Online Portal 1.0; vulnerable in seed_message_student.php, where manipulating the teacher_id parameter enables SQL injection. Exploitation described as remote with public disclosure; multiple sources corroborate the vulnerability. Documented impact i...
CVE-2024-0351
SourceCodester Engineers Online Portal 1.0 contains a session fixation vulnerability. The issue arises from session handling allowing remote initiation and requiring user interaction to exploit. No specific vulnerable component/version details beyond 1.0 are provided; remediation is not described...
CVE-2024-0350
The CVE-2024-0350 entry concerns SourceCodester Engineers Online Portal 1.0. Affected component: session handling logic where manipulation leads to session expiration. Impact is described as session expiration with remote attack possibility; attack complexity is high and exploitation has been dis...
CVE-2024-0260
CVE-2024-0260 affects SourceCodester Engineers Online Portal 1.0. The vulnerable element is an unknown function in the file change_password_teacher.php of the Password Change component. Manipulation leads to session expiration and the issue is exploitable remotely; the exploit has been publicly d...
CVE-2024-0348
The CVE-2024-0348 entry concerns SourceCodester Engineers Online Portal 1.0. The vulnerability affects the File Upload Handler component (an unknown function) and leads to resource consumption. The issue is exploitable remotely over the network, with the exploit publicly disclosed (VDB-250116). S...
CVE-2024-0347
SourceCodester Engineers Online Portal 1.0 is affected by CVE-2024-0347 through a vulnerability in signup_teacher.php where manipulation of the Password argument leads to weak password requirements. The issue can be triggered remotely, has high attack complexity, and exploitation is difficult, wi...
CVE-2024-0349
Affected product: SourceCodester Engineers Online Portal 1.0. The issue is a missing secure attribute on sensitive cookies, enabling potential cookie leakage. A remote attacker could exploit this vulnerability, with attack complexity described as high and no user interaction required. Multiple so...