2 matches found
CVE-2017-15957
CVE-2017-15957 affects Ingenious School Management System 2.3.0: the file my_profile.php allows a student or teacher to upload an arbitrary file. Public references (Exploit-DB, 0day) document an arbitrary file upload capability, with PoCs targeting the my_profile.php and uploads paths. The vulner...
CVE-2017-16561
CVE-2017-16561 affects Ingenious School Management System 2.3.0. Affected component: /view/friend_profile.php; vulnerability: Boolean-based and Time-based SQL injection in the GET parameter friend_index. Root cause: improper handling/concatenation of user input into SQL, enabling attacker to infl...