8 matches found
CVE-2025-51967
Summary: CVE-2025-51967 describes a reflected XSS in ProjectsAndPrograms School Management System 1.0. The vulnerability exists in the themeSet.php script where user input supplied to the theme POST parameter is not properly sanitized, enabling an attacker to inject arbitrary JavaScript executed ...
CVE-2025-11659
ProjectsAndPrograms School Management System is affected by CVE-2025-11659 due to a flaw in the /assets/uploadNotes.php File parameter, enabling unrestricted file upload. Reports indicate remote exploitation is possible and an exploit has been published. The issue stems from insufficient validati...
CVE-2025-11657
CVE-2025-11657 affects ProjectsAndPrograms School Management System, up to version 6b6fae5426044f89c08d0dd101c7fa71f9042a59. The vulnerability is in the /assets/createNotice.php script where manipulation of the File parameter enables unrestricted file uploads. This can be triggered remotely and i...
CVE-2025-11056
CVE-2025-11056 affects ProjectsAndPrograms School Management System 1.0. The vulnerability is in the file owner_panel/fetch-data/select-students.php where manipulation of the select parameter causes a SQL injection. Remote exploitation is possible and exploits have been published. Several connect...
CVE-2025-11656
CVE-2025-11656 concerns ProjectsAndPrograms School Management System. Multiple sources confirm a weakness in the PHP file /assets/editNotes.php, where unsanitized manipulation of the File argument enables unrestricted (arbitrary) file upload. The vulnerability is exploitable remotely and has publ...
CVE-2025-11658
CVE-2025-11658 affects ProjectsAndPrograms School Management System. The issue resides in the PHP file /assets/changeSllyabus.php, where an unknown function mishandles the File argument, allowing unrestricted remote file uploads. Exploitation is public and can be leveraged remotely, with no versi...
CVE-2025-11660
The CVE-2025-11660 entry concerns ProjectsAndPrograms School Management System up to version 6b6fae5426044f89c08d0dd101c7fa71f9042a59. All connected sources identify an issue in the file /assets/uploadSllyabus.php where manipulation of the File parameter enables unrestricted file uploads, allowin...
CVE-2025-11661
ProjectsAndPrograms School Management System is reported to have an authentication bypass vulnerability that can be exploited remotely. The flaw allows manipulation to bypass authentication, with the exploit publicly available and affecting versions prior to commit hash 6b6fae5426044f89c08d0dd101...