30 matches found
CVE-2024-3376
CVE-2024-3376 affects SourceCodester Computer Laboratory Management System 1.0. The vulnerability is in the config.php file, where manipulation of the url parameter leads to execution after redirect, enabling remote initiation of an attack. Exploit details are publicly disclosed per the sources. ...
CVE-2024-31547
Computer Laboratory Management System v1.0 is affected by a SQL Injection in the id parameter of /admin/item/view_item.php. The vulnerability arises in the application’s input handling for that endpoint, enabling an attacker to manipulate a SQL query and potentially exfiltrate data or impact inte...
CVE-2024-3251
Summary: CVE-2024-3251 affects SourceCodester Computer Laboratory Management System 1.0. Affected component: the file path /admin/?page=borrow/view_borrow where manipulating the id parameter allows SQL injection. The vulnerability is described as exploitable remotely, with the public disclosure o...
CVE-2024-31545
CVE-2024-31545 affects Computer Laboratory Management System v1.0 and is caused by a vulnerable SQL path in the admin interface: the endpoint "/admin/?page=user/manage_user&id=6" can be exploited via the id parameter to perform SQL Injection. The CVSS 3.1 base score is 9.4 (CRITICAL) with network...
CVE-2024-31546
CVE-2024-31546 affects Computer Laboratory Management System v1.0. The vulnerability is a SQL Injection in the /admin/damage/view_damage.php endpoint via the id parameter, caused by unsafe handling of input in a user-controlled query. The CVSS 3.1 metrics indicate a critical impact: HIGH confiden...
CVE-2024-34224
This CVE affects Computer Laboratory Management System (version 1.0) with a Cross Site Scripting vulnerability in the endpoint /php-lms/classes/Users.php?f=save. The vulnerability allows remote attackers to inject arbitrary web script or HTML through the firstname, middlename, or lastname paramet...
CVE-2024-3139
CVE-2024-3139 affects SourceCodester Computer Laboratory Management System 1.0. The vulnerability lies in the save_users function (/classes/Users.php?f=save), where the id argument is used in file path/authorization logic without proper validation, enabling improper authorization. A remote attack...
CVE-2025-45956
CVE-2025-45956 affects Sourcecodester Computer Laboratory Management System v1.0, via SQL injection in the file manage_damage.php. An authenticated attacker can leverage the vulnerable id parameter to execute arbitrary SQL commands, potentially compromising data integrity and confidentiality as r...
CVE-2024-40443
CVE-2024-40443 affects Simple Laboratory Management System (SourceCodester CS) v1.0, via an SQL injection in the delete_users function of Useres.php that can cause denial of service. The vulnerability stems from insecure SQL handling in the application’s user deletion pathway. Exploitation detail...
CVE-2024-3316
The CVE-2024-3316 entry concerns SourceCodester Computer Laboratory Management System 1.0. Affected functionality is the file /admin/category/view_category.php where manipulating the id parameter causes SQL injection. The issue is exploitable remotely and the exploit has been publicly disclosed, ...
CVE-2024-3314
CVE-2024-3314 affects SourceCodester Computer Laboratory Management System 1.0. The vulnerability is due to SQL injection in the file /classes/Users.php, enabling remote exploitation. Documented impact includes high confidentiality, integrity, and availability concerns. Multiple sources (NVD, Red...
CVE-2024-3315
The CVE-2024-3315 flaw affects SourceCodester Computer Laboratory Management System 1.0, specifically an unknown function in classes/user.php where manipulating the id parameter enables SQL injection. The issue can be exploited remotely, and exploitation has been disclosed publicly (VDB-259386). ...
CVE-2024-3131
CVE-2024-3131 affects SourceCodester Computer Laboratory Management System v1.0. The vulnerability resides in /classes/Master.php?f=save_category where manipulating the id parameter leads to SQL injection, enabling remote exploitation. Public exploitation and disclosure have been reported. The CV...
CVE-2024-8347
CVE-2024-8347 affects SourceCodester Computer Laboratory Management System 1.0. The vulnerable component is the delete_record function in /classes/Master.php?f=delete_record, where manipulation of the id parameter leads to SQL injection. The issue enables remote exploitation and the exploit has b...
CVE-2024-34225
CVE-2024-34225 affects Computer Laboratory Management System (php-lms) version 1.0, with a Cross Site Scripting flaw in the admin info page. The vulnerability arises from the php-lms/admin/?page=system_info endpoint, where the name and shortname parameters can be injected to render arbitrary scri...
CVE-2024-54818
SourceCodester Computer Laboratory Management System 1.0 is vulnerable to Incorrect Access Control, exploitable via /php-lms/admin/?page=user/list. The CVE entry (CVE-2024-54818) is supported by multiple sources (NVD, Red Hat, CIRCL, CNNVD, CVE List, etc.). The underlying issue is improper access...
CVE-2024-3140
The CVE-2024-3140 entry concerns SourceCodester Computer Laboratory Management System 1.0. The vulnerability lies in the /classes/Users.php?f=save path, where manipulation of the middlename argument enables cross-site scripting (XSS). Exploitation is remote, and public disclosures exist (VDB-2589...
CVE-2024-31586
CVE-2024-31586 affects Computer Laboratory Management System v1.0. The vulnerability is a Cross Site Scripting (XSS) flaw that allows a remote attacker to execute arbitrary code via the Borrower Name, Department, and Remarks parameters. The reported impact is limited to the ability to run code wi...
CVE-2024-3377
CVE-2024-3377 affects SourceCodester Computer Laboratory Management System 1.0. The vulnerability resides in the /classes/SystemSettings.php?f=update_settings code, where the manipulation of the argument name enables cross-site scripting (XSS). The issue can be triggered remotely and the exploit ...
CVE-2024-35583
The CVE-2024-35583 entry concerns a cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0. Concrete details from connected sources show the issue arises in the Remarks input field where a crafted payload can cause arbitrary web scripts/HTML to execute in the...
CVE-2024-8348
CVE-2024-8348 affects SourceCodester Computer Laboratory Management System 1.0, specifically the delete_category function in /classes/Master.php?f=delete_category. The vulnerability is an SQL injection triggered by manipulating the id parameter, and is exploitable remotely. Multiple sources confi...
CVE-2024-35582
CVE-2024-35582 corresponds to a cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0, exploitable via crafted payloads injected into the Department input field. The available connected documents consistently reference the same issue and confirm the affected...
CVE-2024-3695
CVE-2024-3695 affects SourceCodester Computer Laboratory Management System 1.0. The vulnerability is in the /classes/Users.php file, where manipulating the id argument enables cross-site scripting (XSS). This can be triggered remotely and, per the CVE record, the exploit has been disclosed public...
CVE-2024-34480
SourceCodester Computer Laboratory Management System 1.0 has a SQL Injection vulnerability in admin/category/view_category.php?id. The issue is described across multiple sources, with CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, base score 9.8 (CRITICAL). The vulne...
CVE-2024-8346
The CVE-2024-8346 instance concerns SourceCodester Computer Laboratory Management System 1.0. The vulnerability resides in the function update_settings_info of /classes/SystemSettings.php?f=update_settings, where manipulation of the name argument enables SQL injection. This flaw can be exploited ...
CVE-2024-41332
CVE-2024-41332 affects Sourcecodester Computer Laboratory Management System v1.0. The issue is an incorrect access control in the delete_category function that lets authenticated users with low privileges arbitrarily delete categories. Public references indicate a privilege-escalation path via a ...
CVE-2024-31544
CVE-2024-31544 applies to the Computer Laboratory Management System v1.0. The vulnerability is a stored cross-site scripting (XSS) flaw that allows an attacker to inject arbitrary JavaScript through the fields “remarks”, “borrower_name” and “faculty_department” in the API endpoint /classes/Master...
CVE-2024-35581
CVE-2024-35581 corresponds to a stored cross-site scripting (XSS) vulnerability in Sourcecodester Laboratory Management System v1.0, where a crafted payload in the Borrower Name input field can run arbitrary web scripts/HTML. Connected sources (e.g., PT-2024-26558) confirm the affected software/v...
CVE-2024-34479
Vulnerability overview for CVE-2024-34479: Affects SourceCodester Computer Laboratory Management System 1.0. The flaw resides in the classes/Master.php id parameter, enabling SQL Injection due to insufficient input handling. Reported impact in the sources indicates full confidentiality, integrity...
CVE-2026-3770
Technical details for CVE-2026-3770 are not publicly available in the provided documents. Monitor vendor advisories and official feeds for updates.