13 matches found
CVE-2025-14646
The CVE-2025-14646 entry describes a SQL injection in code-projects Student File Management System 1.0, triggered by manipulating the stud_id parameter in /admin/delete_student.php. Connected documents (CNVD-2026-00828, RH:CVE-2025-14646, CNNVD-202512-2597, VULNRICHMENT/CVE-2025-14646, PT-2025-51...
CVE-2025-14621
Summary: CVE-2025-14621 affects Code-Projects’ Student File Management System 1.0. The vulnerability lies in the /admin/update_user.php file where the user_id parameter is not properly validated, enabling SQL injection. Remote exploitation is possible, and an exploit is publicly available. Variou...
CVE-2025-14623
CVE-2025-14623 affects code-projects Student File Management System 1.0. The issue is a SQL injection in /admin/update_student.php caused by unsanitized input in the stud_id parameter (sometimes noted as student_id). Several sources report remote exploitation with a public exploit available, imp...
CVE-2025-14622
Code-projects Student File Management System 1.0 has a SQL injection vulnerability in /admin/save_user.php via the firstname parameter. The issue allows remote exploitation, and public exploits have been released. Multiple connected sources confirm the vulnerability but do not provide a confirmed...
CVE-2025-14645
CVE-2025-14645 affects code-projects Student File Management System 1.0. The vulnerability resides in the /admin/delete_user.php function where manipulating the user_id parameter allows SQL injection. Several connected sources confirm remote exploitation with a publicly available exploit, and mul...
CVE-2025-15050
CVE-2025-15050 affects code-projects Student File Management System 1.0. The vulnerability arises from manipulation of the File argument in /save_file.php (also reported as /save file.php), allowing unrestricted file uploads. Exploitation is remote and publicly disclosed. Several sources (incl...
CVE-2025-14620
CVE-2025-14620 affects code-projects Student File Management System 1.0. The vulnerability resides in the /admin/login_query.php component, where manipulation of the Username parameter enables SQL injection. The issue appears to be exploitable remotely, and publicly disclosed exploit details exis...
CVE-2025-14640
Affects Code-Projects Student File Management System 1.0. The vulnerability is an SQL injection in the /admin/save_student.php handler, triggered by manipulating the stud_no (or student_no) parameter due to lack of input validation. This can be exploited remotely (attack vector NETWORK) and may a...
CVE-2025-14662
code-projects Student File Management System 1.0 is affected by a Cross-Site Scripting (XSS) vulnerability in the Update User Page, specifically /admin/update_user.php. The flaw arises from improper handling/manipulation of input, enabling remote attackers to trigger XSS. Multiple connected so...
CVE-2025-15213
The CVE concerns code-projects Student File Management System 1.0, specifically the File Download Handler’s file /download.php. The vulnerability stems from improper authorization caused by manipulating the store_id argument, enabling remote exploitation. Documentation consistently notes that the...
CVE-2025-14619
CVE-2025-14619 affects code-projects’ Student File Management System 1.0. The vulnerability is a SQL injection in the login_query.php file, triggered by manipulating the stud_no argument. Exploitation can be remote, and public exploits exist. The affected functionality is described only as unknow...
CVE-2025-14663
The CVE-2025-14663 entry relates to code-projects' Student File Management System 1.0 and an XSS vulnerability in the /admin/update_student.php endpoint. The connected CNVD/NVD entries corroborate a cross-site scripting flaw arising from insufficient input filtering/escaping of user-supplied data...
CVE-2025-15205
CVE-2025-15205 affects code-projects’ Student File Management System 1.0. The vulnerability is a SQL injection in the file /download.php triggered by manipulating the istore_id parameter, allowing remote exploitation and potentially exposing or tampering with database information. Public exploit ...