Lucene search
K
OranbyteSchool Management System

8 matches found

CVE
CVE
added 2025/08/28 12:0 a.m.18 views

CVE-2025-51967

Summary: CVE-2025-51967 describes a reflected XSS in ProjectsAndPrograms School Management System 1.0. The vulnerability exists in the themeSet.php script where user input supplied to the theme POST parameter is not properly sanitized, enabling an attacker to inject arbitrary JavaScript executed ...

6.1CVSS5.9AI score0.00213EPSS
CVE
CVE
added 2025/10/13 3:32 a.m.17 views

CVE-2025-11659

ProjectsAndPrograms School Management System is affected by CVE-2025-11659 due to a flaw in the /assets/uploadNotes.php File parameter, enabling unrestricted file upload. Reports indicate remote exploitation is possible and an exploit has been published. The issue stems from insufficient validati...

9.8CVSS7.1AI score0.00535EPSS
Web
CVE
CVE
added 2025/10/13 2:32 a.m.15 views

CVE-2025-11657

CVE-2025-11657 affects ProjectsAndPrograms School Management System, up to version 6b6fae5426044f89c08d0dd101c7fa71f9042a59. The vulnerability is in the /assets/createNotice.php script where manipulation of the File parameter enables unrestricted file uploads. This can be triggered remotely and i...

9.8CVSS6.3AI score0.00535EPSS
Web
CVE
CVE
added 2025/09/27 10:32 a.m.14 views

CVE-2025-11056

CVE-2025-11056 affects ProjectsAndPrograms School Management System 1.0. The vulnerability is in the file owner_panel/fetch-data/select-students.php where manipulation of the select parameter causes a SQL injection. Remote exploitation is possible and exploits have been published. Several connect...

9.8CVSS6.4AI score0.00367EPSS
Web
CVE
CVE
added 2025/10/13 2:2 a.m.12 views

CVE-2025-11656

CVE-2025-11656 concerns ProjectsAndPrograms School Management System. Multiple sources confirm a weakness in the PHP file /assets/editNotes.php, where unsanitized manipulation of the File argument enables unrestricted (arbitrary) file upload. The vulnerability is exploitable remotely and has publ...

9.8CVSS6.3AI score0.00535EPSS
Web
CVE
CVE
added 2025/10/13 3:2 a.m.12 views

CVE-2025-11658

CVE-2025-11658 affects ProjectsAndPrograms School Management System. The issue resides in the PHP file /assets/changeSllyabus.php, where an unknown function mishandles the File argument, allowing unrestricted remote file uploads. Exploitation is public and can be leveraged remotely, with no versi...

9.8CVSS7.2AI score0.00415EPSS
Web
CVE
CVE
added 2025/10/13 4:2 a.m.12 views

CVE-2025-11660

The CVE-2025-11660 entry concerns ProjectsAndPrograms School Management System up to version 6b6fae5426044f89c08d0dd101c7fa71f9042a59. All connected sources identify an issue in the file /assets/uploadSllyabus.php where manipulation of the File parameter enables unrestricted file uploads, allowin...

9.8CVSS7.1AI score0.00415EPSS
Web
CVE
CVE
added 2025/10/13 4:32 a.m.8 views

CVE-2025-11661

ProjectsAndPrograms School Management System is reported to have an authentication bypass vulnerability that can be exploited remotely. The flaw allows manipulation to bypass authentication, with the exploit publicly available and affecting versions prior to commit hash 6b6fae5426044f89c08d0dd101...

9.8CVSS7AI score0.00562EPSS