14 matches found
CVE-2024-1923
SourceCodester Simple Student Attendance System 1.0 is affected by a SQL injection in the List of Classes Page, in the AJAX endpoint /ajax-api.php (delete_class/delete_student) via the id parameter with payload like 1337'+or+1=1;--+. This remote, unauthenticated vulnerability is triggered by user...
CVE-2023-51801
CVE-2023-51801 concerns a SQL injection in the Simple Student Attendance System v1.0, exploitable via the id parameter in student_form.php and class_form.php. Reported by multiple sources (Red Hat, CNNVD, PRION, NVD/CVE lists) as allowing remote code execution with high impact (C/H/I/A = 9.8). Af...
CVE-2024-1834
The CVE-2024-1834 entry describes a cross-site scripting (XSS) vulnerability in SourceCodester Simple Student Attendance System 1.0, affecting an unknown portion of the file at the endpoint ?page=attendance&class_id=1. By manipulating the class_date (examples show 2024-02-23%22%3E%3Cscript%3Ealer...
CVE-2023-51802
CVE-2023-51802 concerns a Cross Site Scripting (XSS) in the Simple Student Attendance System v1.0. According to multiple sources, the vulnerability affects the /php-attendance/attendance_report component and can be triggered via crafted payloads to the page or class_month parameters, potentially ...
CVE-2023-6617
CVE-2023-6617 affects SourceCodester Simple Student Attendance System 1.0 . The vulnerability exists in the file attendance.php where manipulation of the argument class_id enables a SQL injection . Public disclosure of the exploit is noted in multiple sources, indicating potential active abuse. T...
CVE-2024-25551
CVE-2024-25551 is a Cross Site Scripting (XSS) vulnerability affecting sourcecodester Simple Student Attendance System v1.0. A crafted GET request to the web application URL can allow an attacker to execute arbitrary code. Root cause details are not expanded beyond the XSS description in the prov...
CVE-2024-6212
CVE-2024-6212 affects SourceCodester Simple Student Attendance System 1.0. The vulnerability is in the file student_form.php, function get_student, where manipulating the id parameter enables cross-site scripting. The issue can be exploited remotely and has been publicly disclosed (VDB-269276). A...
CVE-2023-7058
CVE-2023-7058 affects SourceCodester Simple Student Attendance System 1.0. The issue is a path traversal vulnerability caused by manipulating the page argument to access ../filedir, allowing remote exploitation. Exploitation has been disclosed publicly. Affected component/functionality is listed ...
CVE-2023-6618
CVE-2023-6618 affects SourceCodester Simple Student Attendance System 1.0. The vulnerability is a file Inclusion in the file index.php caused by improper handling of the page (argument) parameter. Publicly disclosed exploit implies potential arbitrary file inclusion. Affected functionality is uns...
CVE-2023-6771
CVE-2023-6771 affects SourceCodester Simple Student Attendance System 1.0 in the actions.class.php, save_attendance function. The sid parameter is vulnerable to SQL injection, enabling an attacker to manipulate queries. Public exploitation information exists. Affected component: save_attendance (...
CVE-2023-6658
Affected software : SourceCodester Simple Student Attendance System 1.0. Vulnerability : SQL injection in the file ajax-api.php?action=save_attendance caused by unsafely handling the class_id parameter. The exploit has been disclosed publicly. Impact : As described in the sources, this can compro...
CVE-2023-6616
CVE-2023-6616 affects SourceCodester Simple Student Attendance System 1.0. The vulnerability resides in index.php where manipulating the page argument enables cross-site scripting. The issue can be exploited remotely; exploits have been disclosed. No fixed version is listed in the provided docume...
CVE-2023-6657
CVE-2023-6657 affects SourceCodester Simple Student Attendance System 1.0. The vulnerability resides in /modals/student_form.php where manipulating the id argument leads to SQL injection. Public disclosures exist; exploitation is plausible per the sources. Impact is high due to potential disclosu...
CVE-2023-6619
The CVE-2023-6619 entry concerns SourceCodester Simple Student Attendance System 1.0. A vulnerability exists in the file /modals/class_form.php where manipulation of the id parameter enables SQL injection. The vulnerability is publicly disclosed and integrated across multiple feeds (NVD, RH, CVE ...