Lucene search
K
Engineers Online Portal ProjectEngineers Online Portal

23 matches found

CVE
CVE
added 2023/09/29 7:0 p.m.156 views

CVE-2023-5283

SourceCodester Engineers Online Portal 1.0 contains a SQL injection vulnerability in teacher_signup.php caused by unsafely handling the firstname/lastname parameters. The issue can be exploited remotely and an exploit has been disclosed publicly. Affected component is the login/registration flow ...

8.8CVSS7.3AI score0.00645EPSS
Web
CVE
CVE
added 2023/09/29 5:0 p.m.130 views

CVE-2023-5276

CVE-2023-5276 affects SourceCodester Engineers Online Portal v1.0, specifically the downloadable_student.php file where manipulation of the id parameter enables SQL injection. The root cause is unsanitized input leading to injection, with remote attack potential. Public details confirm the vulner...

9.8CVSS7.5AI score0.00684EPSS
CVE
CVE
added 2023/09/29 6:0 p.m.129 views

CVE-2023-5280

SourceCodester Engineers Online Portal 1.0 contains a SQL injection in my_students.php via the id parameter, allowing remote exploitation. The vulnerability is publicly disclosed (VDB-240908) and can impact confidentiality, integrity, and availability per CVSS metrics; no specific remediation is ...

9.8CVSS7.3AI score0.00684EPSS
CVE
CVE
added 2023/09/29 5:31 p.m.125 views

CVE-2023-5278

CVE-2023-5278 affects SourceCodester Engineers Online Portal 1.0, specifically the login.php file. The vulnerability is a SQL injection in the handling of the username/password parameters, enabling remote exploitation. Documents indicate exploitation has been disclosed publicly and that the impac...

9.8CVSS7.4AI score0.00732EPSS
Web
CVE
CVE
added 2023/09/29 6:31 p.m.125 views

CVE-2023-5281

CVE-2023-5281 affects SourceCodester Engineers Online Portal 1.0. The vulnerability resides in an unknown part of remove_inbox_message.php where manipulating the id parameter leads to a SQL injection. It can be exploited remotely, and the exploit has been disclosed publicly per the description. T...

9.8CVSS8.1AI score0.0069EPSS
CVE
CVE
added 2023/09/29 7:31 p.m.125 views

CVE-2023-5284

SourceCodester Engineers Online Portal 1.0 contains a vulnerability in the upload_save_student.php function where manipulating the uploaded_file parameter enables unrestricted file upload. This remote exploitation can lead to arbitrary code execution as indicated by multiple sources; the vulnerab...

8.8CVSS7.1AI score0.00832EPSS
CVE
CVE
added 2023/09/29 6:0 p.m.123 views

CVE-2023-5279

CVE-2023-5279 affects SourceCodester Engineers Online Portal 1.0, with the vulnerability in the file with unknown functionality, my_classmates.php. The issue arises from manipulating the parameter teacher_class_student_id , enabling a SQL injection . Several connected sources report remote access...

9.8CVSS7.4AI score0.00684EPSS
CVE
CVE
added 2021/11/05 12:19 p.m.90 views

CVE-2021-42664

The CVE-2021-42664 entry corresponds to a stored XSS in Sourcecodester Engineers Online Portal (PHP). Affected page: add_quiz.php with vulnerable inputs quiz_title and quiz_description (description parameters). Exploitation allows injected JavaScript to execute in victims’ browsers, potentially e...

5.4CVSS5.2AI score0.01647EPSS
Web
CVE
CVE
added 2021/11/05 12:34 p.m.77 views

CVE-2021-42668

The CVE-2021-42668 entry concerns an SQL Injection in Sourcecodester Engineers Online Portal (PHP) via the id parameter in my_classmates.php. Affects the vulnerable page and parameter, enabling an attacker to extract sensitive data from the web server; in some cases it can lead to remote code exe...

9.8CVSS9.9AI score0.04654EPSS
Web
CVE
CVE
added 2021/11/05 12:36 p.m.70 views

CVE-2021-42669

CVE-2021-42669 is a PHP file-upload vulnerability in Sourcecodester Engineers Online Portal (via dashboard_teacher.php and avatar upload through teacher_avatar.php). An uploaded avatar is stored under /admin/uploads/ and is accessible to all users. Attackers can upload a PHP webshell containing ...

10CVSS9.6AI score0.2327EPSS
Web
CVE
CVE
added 2021/12/20 7:24 p.m.70 views

CVE-2021-43437

Technical details, affected versions, exploit methods, and fixes for CVE-2021-43437 are not publicly provided in the supplied documents; monitor official advisories for updates.

8.8CVSS8.5AI score0.01227EPSS
CVE
CVE
added 2021/11/05 12:24 p.m.67 views

CVE-2021-42666

Sourcecodester Engineers Online Portal (PHP) is affected by CVE-2021-42666 due to an SQL injection in the id parameter of quiz_question.php. The vulnerability allows an attacker to extract sensitive data from the web server, and in some cases may lead to remote code execution on the server. Publi...

8.8CVSS9.2AI score0.04414EPSS
Web
CVE
CVE
added 2021/11/05 12:21 p.m.62 views

CVE-2021-42665

CVE-2021-42665 affects the Sourcecodester Engineers Online Portal (PHP) via the login.php form. The vulnerability is an SQL Injection in the authentication routine that can allow bypassing login without valid credentials. Affected component is the login mechanism (username/password fields), with ...

9.8CVSS9.9AI score0.0487EPSS
Web
CVE
CVE
added 2021/11/05 12:39 p.m.62 views

CVE-2021-42670

CVE-2021-42670 affects Sourcecodester Engineers Online Portal (PHP) with a SQL injection in the announcements_student.php id parameter. The vulnerability allows an attacker to manipulate SQL queries to extract data from the web server, with potential remote code execution in some scenarios as des...

9.8CVSS9.8AI score0.08285EPSS
Web
CVE
CVE
added 2023/09/29 5:31 p.m.55 views

CVE-2023-5277

CVE-2023-5277 affects SourceCodester Engineers Online Portal 1.0. The issue lies in processing of student_avatar.php where manipulation of the change parameter enables unrestricted file upload, enabling remote exploitation. Several connected sources corroborate unrestricted upload risk; no offici...

9.8CVSS8.1AI score0.00822EPSS
CVE
CVE
added 2021/11/05 12:41 p.m.53 views

CVE-2021-42671

CVE-2021-42671 (and related CVEs 42669) describe an unauthorized access/control flaw in Sourcecodester Engineers Online Portal (PHP) within nia_munoz_monitoring_system/admin/uploads. The issue enables bypassing access controls to view all files uploaded to the web server without authentication or...

7.5CVSS7.7AI score0.19676EPSS
CVE
CVE
added 2023/09/29 7:0 p.m.52 views

CVE-2023-5282

CVE-2023-5282 affects SourceCodester Engineers Online Portal 1.0; vulnerable in seed_message_student.php, where manipulating the teacher_id parameter enables SQL injection. Exploitation described as remote with public disclosure; multiple sources corroborate the vulnerability. Documented impact i...

9.8CVSS7.4AI score0.00684EPSS
CVE
CVE
added 2024/01/09 11:0 p.m.52 views

CVE-2024-0351

SourceCodester Engineers Online Portal 1.0 contains a session fixation vulnerability. The issue arises from session handling allowing remote initiation and requiring user interaction to exploit. No specific vulnerable component/version details beyond 1.0 are provided; remediation is not described...

3.5CVSS4.3AI score0.00591EPSS
CVE
CVE
added 2024/01/09 10:31 p.m.49 views

CVE-2024-0350

The CVE-2024-0350 entry concerns SourceCodester Engineers Online Portal 1.0. Affected component: session handling logic where manipulation leads to session expiration. Impact is described as session expiration with remote attack possibility; attack complexity is high and exploitation has been dis...

6.5CVSS6.4AI score0.00478EPSS
CVE
CVE
added 2024/01/07 12:0 a.m.47 views

CVE-2024-0260

CVE-2024-0260 affects SourceCodester Engineers Online Portal 1.0. The vulnerable element is an unknown function in the file change_password_teacher.php of the Password Change component. Manipulation leads to session expiration and the issue is exploitable remotely; the exploit has been publicly d...

7.5CVSS7.6AI score0.00524EPSS
CVE
CVE
added 2024/01/09 10:0 p.m.46 views

CVE-2024-0348

The CVE-2024-0348 entry concerns SourceCodester Engineers Online Portal 1.0. The vulnerability affects the File Upload Handler component (an unknown function) and leads to resource consumption. The issue is exploitable remotely over the network, with the exploit publicly disclosed (VDB-250116). S...

6.5CVSS6.5AI score0.01051EPSS
CVE
CVE
added 2024/01/09 9:31 p.m.45 views

CVE-2024-0347

SourceCodester Engineers Online Portal 1.0 is affected by CVE-2024-0347 through a vulnerability in signup_teacher.php where manipulation of the Password argument leads to weak password requirements. The issue can be triggered remotely, has high attack complexity, and exploitation is difficult, wi...

3.7CVSS4.5AI score0.00921EPSS
CVE
CVE
added 2024/01/09 10:31 p.m.39 views

CVE-2024-0349

Affected product: SourceCodester Engineers Online Portal 1.0. The issue is a missing secure attribute on sensitive cookies, enabling potential cookie leakage. A remote attacker could exploit this vulnerability, with attack complexity described as high and no user interaction required. Multiple so...

5.3CVSS5.3AI score0.00385EPSS