Lucene search
K
Oretnom23Simple Student Attendance System

14 matches found

CVE
CVE
added 2024/02/27 4:0 p.m.173 views

CVE-2024-1923

SourceCodester Simple Student Attendance System 1.0 is affected by a SQL injection in the List of Classes Page, in the AJAX endpoint /ajax-api.php (delete_class/delete_student) via the id parameter with payload like 1337'+or+1=1;--+. This remote, unauthenticated vulnerability is triggered by user...

9.8CVSS6.8AI score0.00829EPSS
CVE
CVE
added 2024/02/29 12:0 a.m.93 views

CVE-2023-51801

CVE-2023-51801 concerns a SQL injection in the Simple Student Attendance System v1.0, exploitable via the id parameter in student_form.php and class_form.php. Reported by multiple sources (Red Hat, CNNVD, PRION, NVD/CVE lists) as allowing remote code execution with high impact (C/H/I/A = 9.8). Af...

9.8CVSS8.6AI score0.01182EPSS
CVE
CVE
added 2024/02/23 8:0 p.m.92 views

CVE-2024-1834

The CVE-2024-1834 entry describes a cross-site scripting (XSS) vulnerability in SourceCodester Simple Student Attendance System 1.0, affecting an unknown portion of the file at the endpoint ?page=attendance&class_id=1. By manipulating the class_date (examples show 2024-02-23%22%3E%3Cscript%3Ealer...

6.1CVSS3.9AI score0.00571EPSS
CVE
CVE
added 2024/02/29 12:0 a.m.86 views

CVE-2023-51802

CVE-2023-51802 concerns a Cross Site Scripting (XSS) in the Simple Student Attendance System v1.0. According to multiple sources, the vulnerability affects the /php-attendance/attendance_report component and can be triggered via crafted payloads to the page or class_month parameters, potentially ...

6.1CVSS6.3AI score0.00615EPSS
Web
CVE
CVE
added 2023/12/08 5:0 p.m.59 views

CVE-2023-6617

CVE-2023-6617 affects SourceCodester Simple Student Attendance System 1.0 . The vulnerability exists in the file attendance.php where manipulation of the argument class_id enables a SQL injection . Public disclosure of the exploit is noted in multiple sources, indicating potential active abuse. T...

9.8CVSS6.9AI score0.00796EPSS
CVE
CVE
added 2024/03/03 12:0 a.m.59 views

CVE-2024-25551

CVE-2024-25551 is a Cross Site Scripting (XSS) vulnerability affecting sourcecodester Simple Student Attendance System v1.0. A crafted GET request to the web application URL can allow an attacker to execute arbitrary code. Root cause details are not expanded beyond the XSS description in the prov...

6.1CVSS6.4AI score0.0038EPSS
CVE
CVE
added 2024/06/21 12:0 a.m.55 views

CVE-2024-6212

CVE-2024-6212 affects SourceCodester Simple Student Attendance System 1.0. The vulnerability is in the file student_form.php, function get_student, where manipulating the id parameter enables cross-site scripting. The issue can be exploited remotely and has been publicly disclosed (VDB-269276). A...

6.1CVSS4.1AI score0.00496EPSS
CVE
CVE
added 2023/12/22 4:31 a.m.48 views

CVE-2023-7058

CVE-2023-7058 affects SourceCodester Simple Student Attendance System 1.0. The issue is a path traversal vulnerability caused by manipulating the page argument to access ../filedir, allowing remote exploitation. Exploitation has been disclosed publicly. Affected component/functionality is listed ...

9.8CVSS8.1AI score0.00734EPSS
CVE
CVE
added 2023/12/13 6:31 p.m.45 views

CVE-2023-6771

CVE-2023-6771 affects SourceCodester Simple Student Attendance System 1.0 in the actions.class.php, save_attendance function. The sid parameter is vulnerable to SQL injection, enabling an attacker to manipulate queries. Public exploitation information exists. Affected component: save_attendance (...

9.8CVSS6.9AI score0.00604EPSS
CVE
CVE
added 2023/12/08 5:0 p.m.44 views

CVE-2023-6618

CVE-2023-6618 affects SourceCodester Simple Student Attendance System 1.0. The vulnerability is a file Inclusion in the file index.php caused by improper handling of the page (argument) parameter. Publicly disclosed exploit implies potential arbitrary file inclusion. Affected functionality is uns...

8.8CVSS7.2AI score0.00862EPSS
CVE
CVE
added 2023/12/10 11:0 p.m.42 views

CVE-2023-6658

Affected software : SourceCodester Simple Student Attendance System 1.0. Vulnerability : SQL injection in the file ajax-api.php?action=save_attendance caused by unsafely handling the class_id parameter. The exploit has been disclosed publicly. Impact : As described in the sources, this can compro...

9.8CVSS7AI score0.00799EPSS
CVE
CVE
added 2023/12/08 4:31 p.m.39 views

CVE-2023-6616

CVE-2023-6616 affects SourceCodester Simple Student Attendance System 1.0. The vulnerability resides in index.php where manipulating the page argument enables cross-site scripting. The issue can be exploited remotely; exploits have been disclosed. No fixed version is listed in the provided docume...

6.1CVSS4.8AI score0.00608EPSS
CVE
CVE
added 2023/12/10 9:0 p.m.35 views

CVE-2023-6657

CVE-2023-6657 affects SourceCodester Simple Student Attendance System 1.0. The vulnerability resides in /modals/student_form.php where manipulating the id argument leads to SQL injection. Public disclosures exist; exploitation is plausible per the sources. Impact is high due to potential disclosu...

9.8CVSS7.9AI score0.00875EPSS
CVE
CVE
added 2023/12/08 5:31 p.m.34 views

CVE-2023-6619

The CVE-2023-6619 entry concerns SourceCodester Simple Student Attendance System 1.0. A vulnerability exists in the file /modals/class_form.php where manipulation of the id parameter enables SQL injection. The vulnerability is publicly disclosed and integrated across multiple feeds (NVD, RH, CVE ...

9.8CVSS7.8AI score0.00796EPSS