8 matches found
CVE-2025-13241
The CVE concerns code-projects Student Information System 2.0, where the vulnerability resides in the /index.php file. The Username parameter can be manipulated to achieve SQL injection, allowing remote execution. The issue is supported by multiple sources (NVD, Red Hat, CNVD, CNNVD, EUVD, VulnDB...
CVE-2025-13244
The CVE-2025-13244 entry concerns code-projects Student Information System 2.0. The vulnerability is a cross-site scripting flaw in the /register.php file, affecting an unspecified function; the issue enables remote exploitation and has publicly disclosed exploit information. Multiple connected s...
CVE-2025-15052
CVE-2025-15052 affects code-projects Student Information System 1.0. The vulnerability resides in the file /profile.php, where manipulation of the firstname/lastname parameters enables cross-site scripting. This can be exploited remotely and there are public exploits. Multiple connected sources (...
CVE-2025-13240
Code-Projects Student Information System 2.0 is affected by an SQL injection in /searchquery.php via the s parameter. Multiple connected sources confirm remote exploitation is possible and that exploits are public. Specifics: vulnerability originates from unsanitized input in s, enabling SQL comm...
CVE-2025-15053
CVE-2025-15053 affects code-projects Student Information System 1.0. The flaw is a SQL injection in the /searchresults.php processing of the searchbox parameter, exploitable remotely. Multiple sources confirm an exploit has been published. No concrete remediation/version fix is provided in the su...
CVE-2025-13243
CVE-2025-13243 affects code-projects Student Information System 2.0. The vulnerable component is the /editprofile.php file, in an unknown function, where input is not properly filtered, leading to a SQL injection. The vulnerability is exploitable remotely, and the exploit has been publicly releas...
CVE-2025-13242
CVE-2025-13242 affects code-projects Student Information System 2.0. The vulnerability is in the /register.php handler, where improper handling of user input enables SQL injection. It is exploitable remotely and, according to sources, the exploit has been disclosed publicly. Root cause is input h...
CVE-2025-13245
CVE-2025-13245 affects code-projects Student Information System 2.0. The vulnerability lies in an unspecified function within /editprofile.php that mishandles input, enabling cross-site scripting. Exploitation can be performed remotely, and publicly available exploits exist. Several connected sou...